/config/database.yml accessable in beta/alpha

we’re not sure how to stop this, but on a few of our projects the
database.yml is accessble and on others it’s not (only in an alpha/beta
environment, production is OK).

regardless we still need to stop it from being accessed.

an example is beta.mydomain.com/config/database.yml

that will actually download the database.yml file. any ideas on how to
stop this from happening?

we’ve tried blocking it in the nginx config to no avail. it has to be
something we’ve done to our ruby configs somewhere.

thanks

an example is beta.mydomain.com/config/database.yml

your rails app should only “reveal” its public folder and
contents…really it should…

Roger P. wrote:

an example is beta.mydomain.com/config/database.yml

your rails app should only “reveal” its public folder and
contents…really it should…

yeah should… but it’s not.

if i go direct to that file and folder i can download the yml.

is there a config issue or environment setting we can update? it only
happens on non production environments.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs