Forum: Rails deployment /config/database.yml accessable in beta/alpha

/config/database.yml accessable in beta/alpha
Posted by Todd Fox (foxxx)
on 2010-03-04 03:01 
we're not sure how to stop this, but on a few of our projects the
database.yml is accessble and on others it's not (only in an alpha/beta
environment, production is OK).

regardless we still need to stop it from being accessed.

an example is beta.mydomain.com/config/database.yml

that will actually download the database.yml file. any ideas on how to
stop this from happening?

we've tried blocking it in the nginx config to no avail. it has to be
something we've done to our ruby configs somewhere.

thanks
Edit | Move | Delete topic | Reply with quote
Re: /config/database.yml accessable in beta/alpha
Posted by Roger Pack (rogerdpack)
on 2010-05-24 21:07 
> an example is beta.mydomain.com/config/database.yml

your rails app should only "reveal" its public folder and 
contents...really it should...
Edit | Delete | Reply with quote
Re: /config/database.yml accessable in beta/alpha
Posted by Todd Fox (foxxx)
on 2010-08-18 11:01 
Roger Pack wrote:
> 
>> an example is beta.mydomain.com/config/database.yml
> 
> your rails app should only "reveal" its public folder and 
> contents...really it should...

yeah should... but it's not.

if i go direct to that file and folder i can download the yml.

is there a config issue or environment setting we can update? it only 
happens on non production environments.
Edit | Delete | Reply with quote
Enable email notification | Enable multi-page view
Please log in before posting. Registration is free and takes only a minute.
Existing account (Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
No account? Register here.
Powered by RForum and Captchator. Contact information - E-Mail: webmaster (at) ruby-forum (dot) com.