PSA: Please hide your .git folders
RiversideRocks (1)

I've noticed that in the PHP web server project .git files can be accessed from the internet. With some effort, somebody could in theory rebuild your project's source code even if your project is private.

You are viewing a single comment. View All
programmeruser (434)

Technically it doesn't matter if your projects is open source. .env files might need to be hidden, but you can just add that to .gitignore. And the reason that PHP isn't really that good and uses the development server is because the team is more focused on technologies such as Node.js. It's technically impossible to hide the .git directory since the development server isn't apache (although I have gotten it to work).

RiversideRocks (1)

@programmeruser Some users are not as smart and will just leave stuff in non .env files. The best idea is just to remove .git.