Archive for the ‘repository’ tag
Did you hide your SVN?
If you use SVN on your development or production server, try and add “/.svn/entries” to your website root, so the URL would look like this http://yoursite.com/.svn/entries (note the absence of the trailing slash).
Those who aware of the possible outcomes of letting svn resources be accessible from the Internet can skip this post. Others using SVN, be aware.
Using the .svn resources exposed to the world, I can get such information as the repository address (in conjunction with other data, it’s likely to have a working copy of the repo), developers login, corresponding deployment information, etc.
The problem is very common and you can even try to steal valuable information from leaders of the industry ( the first one that comes to my mind is classmates.com – .svn resources are open at the time of writing this post). Moreover, there are web-sites on the Internet that allow anonymous checkout of their own code.
The problem can be solved within 5 minutes and the recipe is widely-known ( check out google results ).
RSS me