Welcome to Software Development on Codidact!
Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.
How to protect the git respository for a public_html folder on a Linux server?
On a Linux server, if you leave the .git folder unprotected in the public_html folder, its possible that someone could download the folder and then gain access to your files.
There are two ways I have seen of preventing this,
- Move it up one level and then in the .gitignore ignore all folders except the public_html.
- Deny access in the .htaccess.
Is there a better way of protecting the .git folder?
2 answers
If you can, have the repository locally and/or in a Git server. Use rsync
to deploy updates to public_html
.
If the repository still needs to live in that same server, same applies (rsync
, just locally and not remotely), but the repository lives under $HOME
, not in public_html
.
You might replace rsync
for scp
(or cp
locally) but when you can afford it because very small sites with negligible transfer times.
0 comment threads
The best practice here is, Don't deploy your .git
folder to your web server. Then there's nothing to protect.
0 comment threads