We have a rails application in subversion that we deploy with Capistrano but have noticed that we can access the files in '/.svn', which presents a security concern.
I wanted to know what the best way to do this. A few ideas:
I don't really like the idea of deleting the folders or using svn export, since I would like to keep the 'svn info' around.
The best option is to use Apache configuration.
Using htaccess or global configuration depends mainly on if you control your server.
If you do, you can use something like
<DirectoryMatch .*\.svn/.*> Deny From All </DirectoryMatch>
If you don't, you can do something similar in .htaccess files with FilesMatch