© 2013 All rights reserved.
0

Safe repository. Hack SVN (GIT hack)

If you are using for your website any repository system, beware how you do deploy the web.

A simple example of the abuse

(a example for SVN system – works the same for GIT)

1. open google and search for the:

 



git repo

 

2. open any link and find the file with name “entries”

 



git repo

 

3. found in the file path to the repository

 



git repo

 

4. open your SVN client and download this repository

 



git repo

 

5. you have the entire contents of the repository

 



git repo

 

Of course, the repository can be password-protected or otherwise secured, but also in this case it is a risk.

Securing Apache

Server settings:

Generates a 403 Forbidden page, and will not allow viewing svn directory structure.

Alternatively, you can disable this in the htaccess file:

Result

The best solution is delete a .svn directories to the public or not copy at public webspace.

Comments (0)

No comments yet, but you can be the first..

Add comment

About
Hi, i am programmer from the Czech Republic. I love web development (Ruby, Ruby on Rails, PHP, Nette) and iOS development (Objective-C, Cocoa).
To cooperate, here is my phone:
+420 608 836