- From a report: Vladimir Smitka began his .git directory\r
- odyssey in July when he began looking at Czech websites to\r
- find how many were improperly configured and allow access to\r
- their .git folders within the file versions repository. Open\r
- .git directories are a particularly dangerous issue, he said,\r
- because they can contain a great deal of sensitive\r
- information. "Information about the website's structure, and\r
- sometimes you can get very sensitive data such as database\r
- passwords, API keys, development IDE settings, and so on.\r
- However, this data shouldn't be stored in the repository, but\r
- in previous scans of various security issues, I have found\r
- many developers that do not follow these best practices,"\r
- Smitka wrote. Smitka queried 230 million websites to discover\r
- the 390,000 allowing access to their .git directories. The\r
- vast majority of the websites with open directories had a .com\r
- TLD with .net, .de, .org and uk comprising most of the others.\r
+ From a report:\r
+ \r
+ > Vladimir Smitka began his .git directory odyssey in July\r
+ when he began looking at Czech websites to find how many were\r
+ improperly configured and allow access to their .git folders\r
+ within the file versions repository. Open .git directories are\r
+ a particularly dangerous issue, he said, because they can\r
+ contain a great deal of sensitive information. "Information\r
+ about the website's structure, and sometimes you can get very\r
+ sensitive data such as database passwords, API keys,\r
+ development IDE settings, and so on. However, this data\r
+ shouldn't be stored in the repository, but in previous scans\r
+ of various security issues, I have found many developers that\r
+ do not follow these best practices," Smitka wrote. Smitka\r
+ queried 230 million websites to discover the 390,000 allowing\r
+ access to their .git directories. The vast majority of the\r
+ websites with open directories had a .com TLD with .net, .de,\r
+ .org and uk comprising most of the others.\r
+ \r
+ \r
+ \r
+ [1] https://www.scmagazine.com/home/news/400000-websites-vulne-\r
+ rable-through-exposed-git-directories/\r
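Review bot: The source URL in the last two added lines is split mid-word with a hyphen ("vulne-" then "rable-through-exposed-git-directories/"), so it cannot be followed or copied as written; keep the whole URL on one line. The "[1]" footnote is also never referenced from the added text. "From a report:" carries no marker, so attach the reference there. The TLD list still reads "uk" without the leading dot while its neighbours are ".net, .de, .org", which is worth confirming against the source while this paragraph is being re-wrapped. The three blank added lines before the footnote can be reduced to one.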