How to restrict access to my deploy.rb file?


#1

I would like to restrict the access to the deploy.rb file to prevent any
mods from anybody that could cause major issue in production zone for
instance.

I do know that I can keep the deploy.rb any from the project. I’d like
to know some real world process for this.

Thank you

Rémi


#2

Rémi Gagnon wrote:

I would like to restrict the access to the deploy.rb file to prevent any
mods from anybody that could cause major issue in production zone for
instance.

I do know that I can keep the deploy.rb any from the project. I’d like
to know some real world process for this.

Thank you

Rémi

I recommend having the deploy script prompt for passwords (SSH, SVN/Git,
etc) instead of baking them in in plain text. That way the script is
useless without credentials.


#3

Jeremy Weiskotten wrote:

Rémi Gagnon wrote:

I would like to restrict the access to the deploy.rb file to prevent any
mods from anybody that could cause major issue in production zone for
instance.

I recommend having the deploy script prompt for passwords (SSH, SVN/Git,
etc) instead of baking them in in plain text. That way the script is
useless without credentials.

+1. Additional things that you can undertake:

  • Use SSH keys. The best security model relies on something that you
    know (credentials) plus something that you have (private keys).

  • Keep a deploy.example.rb file under source control and set the actual
    deploy.rb to ignore. This is not a substitute for prompting passwords!
    You can use it to add a layer of obscurity for your repository URL and
    server hostnames.


Roderick van Domburg
http://www.nedforce.com