[Mongrel] SVN security hole explained

Francois Beausoleil francois.beausoleil at gmail.com
Fri Aug 25 11:26:50 EDT 2006

Hi all,

If you are using Pound / Pen or another load balancer, I believe you
should read this:


My article refers to Dan Benjamin's

My point is that even though we are preventing Apache from serving
anything except a select few file extensions, Mongrel is serving up
the files behind the scenes.

So, http://myrailsapp.com/.svn/entries exposes Subversion metadata.

Go and read the posts, well worth the time:

Bye!
François Beausoleil
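
As an added illustration (not part of the original post and not Mongrel's or Apache's own code), the Ruby sketch below audits a document root for Subversion metadata that a back end serving static files directly would expose, and shows a path check a front end or handler could apply before any file lookup. The function names, the `public` directory layout and the extra directory names beyond `.svn` are assumptions made for this example.

```ruby
require "find"

# Metadata directory names. The post names .svn; the rest are a generalization.
VCS_DIRS = %w[.svn .git .hg CVS].freeze

# True when one path segment is a VCS metadata directory name. Compared
# ASCII case-insensitively because some file systems ignore case.
def vcs_segment?(segment)
  VCS_DIRS.any? { |name| name.casecmp(segment) == 0 }
end

# Audit: URL paths (relative to the site root) of every file stored inside a
# VCS metadata directory under docroot, i.e. what a back end that serves
# static files straight from that directory would hand out.
def exposed_vcs_paths(docroot)
  root = File.expand_path(docroot)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path)
    rel = path.delete_prefix(root)                  # e.g. "/.svn/entries"
    dirs = rel.split("/").reject(&:empty?)[0..-2]   # directory segments only
    hits << rel if dirs.any? { |d| vcs_segment?(d) }
  end
  hits.sort
end

# Filter: should this request be refused before any file lookup?
# The query string is dropped and percent-escapes are decoded first, so
# "/%2Esvn/entries" is treated the same as "/.svn/entries".
def deny_request?(request_target)
  path = request_target[/\A[^?#]*/]
  decoded = path.b.gsub(/%(\h\h)/) { $1.hex.chr }
  decoded.split("/").any? { |seg| vcs_segment?(seg) }
end
```

Running `exposed_vcs_paths` against the deployed `public` directory shows which URLs need to be blocked or removed; deploying from an export rather than a working copy leaves the list empty.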
