This article was originally posted at:
but this site now seems to be dead, so I have recovered it from archive.org and re-posted it.
If I am breaking any copyrights here, please let me know and I will remove it.
Note that Drupal now blocks any path containing "svn-base". See: http://drupal.org/node/28776
Posted At : July 5, 2006 9:54 PM By : Mark
One of the best uses that we have put subversion to is a way to handle code releases to live web servers. It has a number of major benefits over other methods of releasing web sites.
For example, when using FTP you have the option to copy over the site each time which leaves lots of old files hanging around if you remove files from you website.
Alternatively you can upload a complete new copy of you code, which can take a considerable amount of time for a large code base, and you then have to switch the running to the new code.
Using subversion gives the following benefits:
- Simple and fast to do a site release
- Can always check that the versions of files on the server are what you think they are
- Automatically removes files from live servers that are no longer used and have been removed in the subversion repository
- Can show you if any files have been changes or added to live site
- Easily move back and forward between releases
- Simple to keep multiple servers (cluster) in sync.
- Security considerations
- Conflicts in code-base if people edit on live (which is a big No, No)
The main security consideration is that a working copy of a subversion repository contains a duplicate copy of the current version in .svn directories which allows for quicker compares as it is a local file compare not a network operation.
However, this would allow a crafty hacker to browse to www.example.com/.svn/ and potentially get access to view the code of the pages that run your website which is always a bad thing.
We can manage this issue however thanks to the very customisable security in apache (assuming you are using it) to disallow access to all directories with .svn in it.
#Remove access to all .svn directories
<Directory ~ "\.svn">
Deny from all
Note: It may be possible to do the same with IIS, so please let me know if it is.
To check out a project/website into the current directory use:
svn co http://www.example.com/svn/repos/projectname/tags/1.0 .
Then when it comes around to doing a release to the next version you use
svn switch http://www.example.com/svn/repos/projectname/tags/1.1
Easy as that!