PSA: Please hide your .git folders
RiversideRocks

I've noticed that in the PHP web server project .git files can be accessed from the internet. With some effort, somebody could in theory rebuild your project's source code even if your project is private.

Comments
programmeruser

Technically it doesn't matter if your project is open source. .env files might need to be hidden, but you can just add that to .gitignore. And the reason that PHP isn't really that good and uses the development server is because the repl.it team is more focused on technologies such as Node.js. It's technically impossible to hide the .git directory since the development server isn't Apache (although I have gotten it to work).

RiversideRocks

@programmeruser Some users are not as smart and will just leave stuff in non-.env files. The best idea is just to remove .git.
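
One way to keep `.git` and `.env` from being served by PHP's built-in development server is a router script. This is an added example, not code from anyone in the thread; the file name `router.php`, the function `is_hidden_path` and the start command in the comment are assumptions, and it only helps where you control how the server is launched.

```php
<?php
// router.php -- added example, not code from the thread.
// Assumption: the server is started with a router script, e.g.
//   php -S 0.0.0.0:8000 router.php      (host and port are placeholders)
// The built-in server runs this file at the start of every request.

/**
 * Return true when any segment of the request path starts with a dot
 * (.git, .env, .htpasswd, "..", ...). Hypothetical helper for this example.
 */
function is_hidden_path(string $requestUri): bool
{
    // Cut off the query string by hand. parse_url() is avoided on purpose:
    // it reads a leading "//" as a host, so "//.git/config" would come
    // back with the path "/config" and slip past the check.
    $path = explode('?', $requestUri, 2)[0];

    // Decode percent-escapes once, so /%2egit/HEAD is treated as /.git/HEAD.
    $path = rawurldecode($path);

    // Treat backslashes as separators as well.
    $path = str_replace('\\', '/', $path);

    foreach (explode('/', $path) as $segment) {
        if ($segment !== '' && $segment[0] === '.') {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI === 'cli-server') {
    if (is_hidden_path($_SERVER['REQUEST_URI'])) {
        // Answer 404 rather than 403 so the response does not confirm
        // that the directory exists.
        http_response_code(404);
        header('Content-Type: text/plain');
        echo "Not found\n";
        return true;  // handled here; nothing is read from disk
    }
    return false;     // hand the request back to the built-in server
}
```

The check also blocks `/.well-known/`, so add an explicit exception if the project serves files from there. Secrets already committed stay in the history either way, so removing `.git` from the served directory, as suggested above, remains the stronger fix.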