We have a rails application in subversion that we deploy with Capistrano but have noticed that we can access the files in '/.svn', which presents a security concern.
I wanted to know what the best way to do this. A few ideas:
The best option is to use Apache configuration.
Using htaccess or global configuration depends mainly on if you control your server.
If you do, you can use something like
<DirectoryMatch .*\.svn/.*> Deny From All </DirectoryMatch>
If you don't, you can do something similar in .htaccess files with FilesMatch