Jon Simpson
Subversion and Webroot Security
I’ve taken up managing my deployed web applications with Subversion, similar to how I manage my WordPress installs.
However, a new issue arises. The source code to my apps is not necessarily a public domain, open source deal (like WordPress), and there is nothing to stop someone going to http://example.com/.svn/ or http://example.com/some_directory/.svn/ and poking around at the code. This problem gets even worse if the configuration is being version controlled (think database usernames/passwords).
A fix, the aggregate of several posts on subversion-users. Add the following lines to your Apache configuration file (tested on Apache 2).
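# Deny all HTTP access to .svn directories and everything beneath them.
# Order/deny is the Apache 2.0/2.2 access syntax; Apache 2.4 accepts it only
# with mod_access_compat loaded (its native form is "Require all denied").
<DirectoryMatch /\.svn(/|$)>
    Order allow,deny
    deny from all
</DirectoryMatch>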
Strongly recommended for anyone using Subversion in publicly visible directories on web servers.
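To check that the pattern in the DirectoryMatch block covers every Subversion metadata directory in a given webroot and nothing else, here is an added audit script (not part of the original post). It assumes the pattern is applied as an unanchored regex search on the directory path; `audit_webroot`, `build_sample_tree` and the sample directory names are constructed for illustration.

```python
import os
import re
import tempfile

RULE = r"/\.svn(/|$)"  # pattern from the DirectoryMatch block above


def audit_webroot(docroot, pattern=RULE):
    """Compare the pattern against every directory under docroot.

    Returns (missed, overblocked): Subversion metadata directories the
    pattern does not match, and ordinary directories it does match.
    Paths are tested relative to docroot, as an unanchored regex search.
    """
    rx = re.compile(pattern)
    docroot = os.path.abspath(docroot)
    missed, overblocked = [], []
    for current, dirs, _files in os.walk(docroot):
        dirs.sort()  # deterministic traversal order
        rel = os.path.relpath(current, docroot).replace(os.sep, "/")
        if rel == ".":
            continue
        is_metadata = ".svn" in rel.split("/")  # at or below a .svn directory
        matched = rx.search("/" + rel) is not None
        if is_metadata and not matched:
            missed.append("/" + rel + "/")
        elif matched and not is_metadata:
            overblocked.append("/" + rel + "/")
    return missed, overblocked


def build_sample_tree(root):
    """Constructed sample webroot with nested metadata and a look-alike name."""
    for d in (".svn/text-base", "some_directory/.svn/props", "docs.svn", "img"):
        os.makedirs(os.path.join(root, d))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Compare the post's pattern with two weaker variants.
        for pattern in (RULE, r"/\.svn$", r"\.svn"):
            missed, overblocked = audit_webroot(tmp, pattern)
            print(pattern, "missed:", missed, "overblocked:", overblocked)
```

Point `audit_webroot` at a real document root before and after changing the pattern; both returned lists should be empty.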