Discussion on: Please remove that .git folder

Jing Xue

If your .git gets deployed, your DevOps engineer ought to be fired.

It's as simple as this: "do not deploy .git".

All this access blocking business is pointing in the wrong direction.

pO0q 🦄

Security is not "as simple as this." When the damage is done, firing people is just a consequence, not a solution. Besides, if you read the post, you'll see it explicitly says "don't deploy git". Blocking is just an additional layer of protection for those who don't have that knowledge, the possibility to change configurations, or DevOps to fire.

Jing Xue

Lol. Looks like my comment was hidden too.

The point is that .git should not be deployed whatsoever, which should have been easily verifiable in a lower environment before it gets into production, so there should not be a scenario where you have to scramble to block access to it.

Jing Xue

Lol, you mention "don't deploy the .git/ folder" once, and spend literally the rest of the post talking about blocking access to a deployed .git folder. The impression you are making is that having .git deployed is an acceptable scenario, and the solution is to control access. My point is exactly that having .git deployed to a production server is not acceptable under any circumstances, and that there ought not be any scenario where this even accidentally happens, because any proper CI process should catch it.
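
The kind of CI check the thread refers to, as an added example that is not from the post or from any commenter: a pre-deploy gate that fails the pipeline when the release directory contains Git metadata. The function name `find_git_metadata` and the `./release` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-deploy gate for Git metadata.
# find_git_metadata is a hypothetical name chosen for this illustration.

# find_git_metadata DIR
#   Prints every path named ".git" under DIR. That is a directory for a
#   normal clone and a regular file ("gitdir: ...") for a submodule or a
#   linked worktree, so both forms are reported.
#   Returns 0 if DIR is clean, 1 if metadata was found, 2 on bad input.
find_git_metadata() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "find_git_metadata: not a directory: $dir" >&2
        return 2
    fi
    # -prune keeps find from descending into each .git directory, so the
    # report has one line per repository instead of one per object file.
    hits=$(find "$dir" -name .git -prune -print)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Usage in a pipeline step, run against the directory that will be shipped
# (./release is an assumed path):
#   find_git_metadata ./release || { echo "refusing to deploy" >&2; exit 1; }
```
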
