9 years ago
1
One in every 600 websites has .git exposed
For web developers, exposing your .git folder to the world is a novice mistake. It allows anyone to download your entire source code repository, which often includes database passwords, salts, hashes, and third party API keys or usernames and passwords.
Continue Reading http://www.jamiembrown.com
Join the Discussion
Personally my web based repo's are like* this:
When you configure /t/apache/, /t/nginx/ or what ever web server software you prefer, point the root directory at /public/ and keep anything you don't want people to publicly access a level under that directory. It's not rocket appliances (NSFW: Language).
* By like, I mean like. Names are not accurate for security reasons.