we're not sure how to stop this, but on a few of our projects the database.yml is accessble and on others it's not (only in an alpha/beta environment, production is OK). regardless we still need to stop it from being accessed. an example is beta.mydomain.com/config/database.yml that will actually download the database.yml file. any ideas on how to stop this from happening? we've tried blocking it in the nginx config to no avail. it has to be something we've done to our ruby configs somewhere. thanks
on 2010-03-04 03:01
on 2010-05-24 21:07
> an example is beta.mydomain.com/config/database.yml your rails app should only "reveal" its public folder and contents...really it should...
on 2010-08-18 11:01
Roger Pack wrote: > >> an example is beta.mydomain.com/config/database.yml > > your rails app should only "reveal" its public folder and > contents...really it should... yeah should... but it's not. if i go direct to that file and folder i can download the yml. is there a config issue or environment setting we can update? it only happens on non production environments.