.git and .gitignore folders exposed

Development-related discussion, including bundled plugins
mcdragon
Bear Rating Trainee
Posts: 4
Joined: 24 Nov 2015, 00:06

Postby mcdragon » 01 Dec 2015, 23:41

Just been reading this article about potential issues having these two folders clearly readable.
The solution of adding

RedirectMatch 404 /\.git
to .htaccess seems to work.
Would it be a good idea to add it to the .htaccess file deployed by tt-rss?

Thanks and pardon if it's a n00b post.

Martin

fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia

Re: .git and .gitignore folders exposed

Postby fox » 02 Dec 2015, 00:16

you do of course realize that ttrss code is publicly available?

I can only suggest you think before posting on this forum in the future

preferably instead really


dxbi
Bear Rating Disaster
Posts: 62
Joined: 16 Mar 2013, 13:44

Re: .git and .gitignore folders exposed

Postby dxbi » 02 Dec 2015, 11:33

Well it might be relevant if someone also tracks their config in git (which is not a terrible idea tbh).

fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia

Re: .git and .gitignore folders exposed

Postby fox » 02 Dec 2015, 12:10

there's many ways an idiot can shoot himself in the foot. i'm however not sure if adding half-assed workarounds like the aforementioned .htaccess idea (you ever heard of anything other than apache, op?) to try to stop them from doing so is our job.

the fossbytes writer guy has a point in that a vast majority of "web developers" are drooling retards. you don't even need to engage in srs hackery like git-cloning some shit site, they make it easy for you by keeping their ec2 credentials and database passwords and stuff right on fucking github.

also, config.php in tt-rss is mentioned in .gitignore. if someone force-adds it to the repo and gets their shit stolen they aren't going to receive any sympathy from me.
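Added example, not part of the thread and not tt-rss code: a local check for the case raised in the last two replies, a config file that is listed in .gitignore but was force-added and is therefore recorded in .git/index. The function names, the simplified ignore matching and the sample index are assumptions constructed for illustration.

```python
import fnmatch
import struct

def tracked_paths(index_bytes):
    """Return the paths recorded in a version 2 or 3 git index file."""
    sig, version, count = struct.unpack_from(">4sII", index_bytes, 0)
    if sig != b"DIRC" or version not in (2, 3):
        raise ValueError("not a v2/v3 git index")
    paths, off = [], 12
    for _ in range(count):
        # 40 bytes of stat data and a 20-byte object id precede the flags.
        (flags,) = struct.unpack_from(">H", index_bytes, off + 60)
        name_off = off + 62 + (2 if flags & 0x4000 else 0)  # v3 extended flags
        end = index_bytes.index(b"\0", name_off)
        paths.append(index_bytes[name_off:end].decode("utf-8", "replace"))
        off += (end - off + 8) & ~7  # each entry is NUL-padded to 8 bytes
    return paths

def tracked_but_ignored(paths, ignore_patterns):
    """Tracked paths that match an ignore pattern, i.e. were force-added.
    Assumption: simplified matching against the full path and the file name,
    not git's complete .gitignore semantics."""
    hits = []
    for path in paths:
        name = path.rsplit("/", 1)[-1]
        if any(fnmatch.fnmatchcase(path, pat) or fnmatch.fnmatchcase(name, pat)
               for pat in ignore_patterns):
            hits.append(path)
    return hits

def _entry(path):
    """One constructed index entry with zeroed stat data and object id."""
    raw = path.encode()
    body = (struct.pack(">10I", 0, 0, 0, 0, 0, 0, 0o100644, 0, 0, 0)
            + bytes(20) + struct.pack(">H", len(raw)) + raw)
    return body + bytes(((len(body) + 8) & ~7) - len(body))

def sample_index(paths):
    """Constructed v2 index holding only the given paths (no checksum)."""
    header = struct.pack(">4sII", b"DIRC", 2, len(paths))
    return header + b"".join(_entry(p) for p in sorted(paths))

if __name__ == "__main__":
    # Real use: tracked_paths(open(".git/index", "rb").read())
    idx = sample_index(["index.php", "config.php", "classes/api.php"])
    for p in tracked_but_ignored(tracked_paths(idx), ["config.php"]):
        print("tracked despite .gitignore:", p)
```
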

