Comments on: Capistrano security fun

By: Jonathan Wilkins

Jonathan Wilkins — Tue, 23 Oct 2007 19:44:50 +0000

Capistrano 2.0 fixes this. You can do:

set :deploy_via, :copy
set :copy_strategy, :export

And it will only send a tarball of your exported sources up.

By: Andrew Beacock

Andrew Beacock — Wed, 11 Jul 2007 07:30:29 +0000

Andrew, thank you so much for writing such a detailed post, it was no 1 in my google search on “capistrano svn security”

http://www.google.com/search?q=capistrano+svn+security&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:official&client=firefox-a

I’ve only started using Capistrano this morning and was already worried by the “svn checkout on a live server” issue.

I’ll go and read the other links in the comments now.

I know it’s been a few months now since your post, what is your current “best practice” way of deploying via Capistrano?

By: Terinea Tech Tips

Terinea Tech Tips — Tue, 20 Mar 2007 14:02:07 +0000

Off subject matter – Thanks for adding our company to your Edinburgh software companies page.

Jamie

By: Anders Vesterberg

Anders Vesterberg — Tue, 13 Mar 2007 12:38:16 +0000

So nice to see a software blogger, that’s even using Ruby and that is also a bass player! Am I right? Then we are at least two! Have a look at http://www.vesterberg.se.

All the best,
Anders Vesterberg

By: Erik Karulf

Erik Karulf — Mon, 12 Mar 2007 19:05:09 +0000

Just as a follow up, I patched Penny Arcade to block at the server level any .svn entries. This is a relic from our old Capistrano deployment model. Humorously, we found the model to involve too many holes to be punched in our firewall so we started working on an in house solution. Our new deployment model is in the testing stage and involves FreeBSD’s jailing and some nullfs voodoo.

All the passwords and hostnames have long since expired so for us the worst part is people probably saw some of the old PHP code I inherited, which I don’t really want myself or PA associated with.

Anyway thanks for the heads up.