Owen Williams reports:
Git is a developer’s best friend… except when it’s not used properly and exposes a site’s security.
The tool is used for version control. It tracks changes to code over time, so that multiple developers can work together efficiently and roll back if they need to.
[…]
As it tracks your changes over time, it keeps them in a hidden folder — called .git. Exposing this to the world is catastrophic.
In many cases, revealing it means giving anyone access to source code, server access keys, database passwords, hosted files, encryption salts and more.
Unfortunately, that’s exactly what many websites are doing.
Read more on The Next Web.