The point is that .git should not be deployed whatsoever, which should have been easily verifiable in a lower environment before it gets into production, so there should not be a scenario where you have to scramble to block access to it.
Lol, you mention "don't deploy the .git/ folder" once, and spend literally the rest of the post talking about blocking access to a deployed .git folder. The impression you are making is that having .git deployed is an acceptable scenario, and the solution is to control access. My point is exactly that having .git deployed to a production server is not acceptable under any circumstances, and that there ought not be any scenario where this even accidentally happens, because any proper CI process should catch it.
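One way to implement the kind of CI check the comment above refers to, as an added example that is not part of the original thread: a gate that inspects the staged release (a directory or a tar archive) and fails the pipeline if it contains version-control metadata. The function names are hypothetical, and checking `.svn` and `.hg` alongside `.git` goes beyond what the thread discusses.

```shell
#!/bin/sh
# CI gate (added example): refuse to ship an artifact that carries VCS metadata.
# Usage: sh check_artifact.sh <release-dir-or-tarball>

# Print every offending path, one per line.
# .git can be a directory (normal clone) or a plain file (submodule or
# worktree pointer), so entries are matched by name rather than by type.
find_vcs_metadata() {
    if [ -d "$1" ]; then
        # -prune avoids walking into the metadata directory itself
        find "$1" \( -name .git -o -name .svn -o -name .hg \) -prune -print
    else
        # Anything else is treated as a tar archive; fail closed if unreadable
        members=$(tar -tf "$1") || return 2
        # Anchored on path separators so .gitignore and .github do not match
        printf '%s\n' "$members" | grep -E '(^|/)\.(git|svn|hg)(/|$)' || true
    fi
}

# Exit status: 0 = clean, 1 = metadata found, 2 = artifact could not be inspected
check_artifact() {
    hits=$(find_vcs_metadata "$1") || {
        echo "cannot inspect artifact: $1" >&2
        return 2
    }
    if [ -n "$hits" ]; then
        printf 'VCS metadata found in release artifact:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Run as a pipeline step when an artifact path is given on the command line
[ "$#" -eq 0 ] || check_artifact "$1"
```

Run against the exact artifact that gets promoted between environments, so a non-zero exit stops the release in the lower environment.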
Lol. Looks like my comment was hidden too.