Subversion is a powerful tool. Not only does it allow multiple developers to collaborate on a project, but it allows you to easily deploy your projects to the production server. If you are using a checked out repository on your production server, rather than an exported copy, it is crucial that you protect your hidden .svn directories.

If you do not take measures to protect these hidden folders then your website will become extremely susceptible to attack. Your .svn folders contain the pristine copies of every file with a .base extension. This means that someone with a little know-how can navigate through your .svn folders and download your config files and obtain sensitive information such as your database password. On top of that, they can simply steal all of your code and reproduce your site elsewhere with their name on the bottom.

So how do you protect your site against these attacks? If you have access to the domain’s configuration files you can deny access there by adding the following lines:

<Directory ~ â€œ^\.svnâ€> Deny from all </Directory>

If you are on a shared hosting plan and do not have access to these configuration files, then you can make use of mod_rewrite to block access to the subversion directories. Open up your .htaccess file in your favourite text editor and include the following:

RewriteEngine on # Hide .SVN Folders RewriteRule ^(.*/)*\.svn/ / [F,L]

With these in place your website is now much a safer place.