1

I'm just getting started with Git. I'll be doing PHP development and was wondering if I should initialize my repo within my server root folder, or any directory on my hard drive and publish my changes to the server root. Does it really matter, any pros/cons?

For now, this is just to keep track of personal projects I'm doing for fun, but any feedback on best practice, personal preference/experience, do's and don'ts will be greatly appreciated.

elgarcon

1 Answer

3

Putting your source control files in the deployed directory runs the risk of exposing those files and their complete history. This is potentially a bad thing (do you have passwords in these files? Are the files themselves important to not let leak?)

One could try to staunch this by putting a .htaccess to restrict raw access to .git files from a web browser:

RedirectMatch 404 "(?:.*)/(?:\.git|file_or_dir)(?:/.*)?$"

However, this only restricts files that way - it doesn't prevent someone from passing in something to poorly coded PHP that accesses those files.

The best way to avoid this is to keep the git repository well away from the production code itself.

If you specify a working tree (your production area) to be different, then the git files are well away from prying eyes. This can be done with the environment variable GIT_WORK_TREE.

Related:

  • thanks for your response and the related articles... That's good to know, I will be sure to keep my repo away from production code ... – elgarcon Sep 28 '13 at 17:02
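
The layout the answer recommends, next to the in-place layout from the question, as an added example that is not part of the original answer. Every path under the temp directory and the branch name `main` are assumptions, and `GIT_DIR` is set alongside `GIT_WORK_TREE` so Git knows where the repository lives.

```shell
#!/bin/sh
# Added example. Every path is created under a throwaway temp directory;
# "repos/site.git", "www" and "www_inplace" are hypothetical names.

# List any Git metadata reachable under a directory the web server would serve.
exposed_git_paths() {
    find "$1" -name .git -print
}

# Check a branch out into the web root while the repository stays elsewhere.
deploy() {  # usage: deploy <git-dir> <web-root> <branch>
    GIT_DIR="$1" GIT_WORK_TREE="$2" git checkout --quiet -f "$3"
}

demo() {
    base=$(mktemp -d) || return 1
    repo="$base/repos/site.git"; webroot="$base/www"; inplace="$base/www_inplace"
    mkdir -p "$base/repos" "$webroot" "$inplace"

    # Layout from the question: repository initialised inside the served directory.
    git init --quiet "$inplace" || return 1
    echo '<?php echo "hello";' > "$inplace/index.php"
    git -C "$inplace" add index.php
    git -C "$inplace" -c user.name=demo -c user.email=demo@example.invalid \
        commit --quiet -m "initial page" || return 1

    # Layout from the answer: bare repository outside the web root,
    # files checked out into the web root via GIT_WORK_TREE.
    git init --quiet --bare "$repo" || return 1
    git -C "$inplace" push --quiet "$repo" HEAD:refs/heads/main || return 1
    deploy "$repo" "$webroot" main
}

demo || exit 1
echo "in-place layout exposes:  $(exposed_git_paths "$inplace")"
echo "separated layout exposes: $(exposed_git_paths "$webroot")"
ls "$webroot"
```

Running `exposed_git_paths` against the real document root is a quick check after any deploy: it should print nothing.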