Saturday, July 9, 2011

Security issue when deploying production website with Subversion (SVN)

If you use Subversion (SVN) to deploy your website, there is a security issue you may want to consider.

All the hidden ".svn" directories in your deployment may have their files accessible by Apache. As a result, Apache will happily serve these files, that often contain private information, to the entire web.

If you perform a quick Google search using the syntax below it becomes apparent that many websites have this security hole:

intitle:"Directory Listing" inurl:".svn/text-base"



There is an easy way to resolve the issue. Add the following line to your website's Apache configuration:

RedirectMatch 404 /\\.svn(/|$)

This will direct Apache to redirect all requests to files/folders in a ".svn" directory to a 404 page. Thus extinguishing the threat.

3 comments:

  1. While selling and delivery this products they take many security things with them for various purposes.so that no one can have their information through this way.


    Microphones

    ReplyDelete
  2. While sending some information about websites and through it then a security wants some specific code number from that person.And if he able to present that then he is allowed to stay in that page.



    Video Projector

    ReplyDelete
  3. A good website, with suitable technology stack in which it is deployed. results in a perfect outlook. For such webpages and applications best technology and best analysts amalgamate their efforts. Online Air Ticket Booking

    ReplyDelete