Subversion and Webroot Security
I’ve taken up managing my deployed web applications with subversion, similar to how I manage my Wordpress installs.
However, a new issue arises. The source code to my apps is not necessarily a public domain, open source deal (like Wordpress), and there is nothing to stop someone going to
http://example.com/some_directory/.svn/ and poking around at the code. This problem gets even worse if the configuration is being version controlled (think database usernames/passwords).
A fix, the aggregate of several posts on subversion-users. Add the following lines to your Apache configuration file (tested on Apache 2).
<DirectoryMatch /\.svn(/|$)> Order allow,deny deny from all </DirectoryMatch>
Well recommended for anyone using subversion in publicly visible directories on web servers.