/config/database.yml accessable in beta/alpha

toddf · March 4, 2010, 3:01am

we’re not sure how to stop this, but on a few of our projects the
database.yml is accessble and on others it’s not (only in an alpha/beta
environment, production is OK).

regardless we still need to stop it from being accessed.

an example is beta.mydomain.com/config/database.yml

that will actually download the database.yml file. any ideas on how to
stop this from happening?

we’ve tried blocking it in the nginx config to no avail. it has to be
something we’ve done to our ruby configs somewhere.

thanks

toddf · May 24, 2010, 9:07pm

an example is beta.mydomain.com/config/database.yml

your rails app should only “reveal” its public folder and
contents…really it should…

toddf · August 18, 2010, 11:01am

Roger P. wrote:

an example is beta.mydomain.com/config/database.yml

your rails app should only “reveal” its public folder and
contents…really it should…

yeah should… but it’s not.

if i go direct to that file and folder i can download the yml.

is there a config issue or environment setting we can update? it only
happens on non production environments.