The web server started by 'ant runtests' / 'ant brserve' permits more than it
needs to:
* It allows access from the network. Localhost would be a better _default_.
* It serves all files in the project root, hence including .svn or .git. In the
event that network access is permitted, hiding .git would prevent reading
history information which could include undisclosed draft security patches and
such.
(Of course, if the server is accessible then the current files it's serving
show the current work as well, but VCS data is more slurpable.)
Original issue reported on code.google.com by kpreid@google.com on 14 Apr 2015 at 4:56
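
The two defaults asked for above, sketched as an added example (not the project's server code): a static file server that binds to loopback unless told otherwise and answers 404 for any path containing a VCS metadata directory. The `VCS_DIRS` list, the function names and port 8000 are assumptions made for illustration.

```python
import functools
import http.server
import re
import urllib.parse

# Directory names treated as version-control metadata (assumed list).
VCS_DIRS = {".git", ".svn", ".hg"}


def is_vcs_path(url_path):
    """True if any segment of the decoded request path names a VCS directory."""
    # Drop query and fragment the same way the stdlib handler does, so both
    # sides see the same path (avoids a "//.git/..." parsing mismatch).
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    path = urllib.parse.unquote(path)          # catches /%2egit/config
    # Split on both separators; ignore case and trailing dots/spaces, which
    # some filesystems treat as the same name (".GIT", ".git.").
    segments = re.split(r"[/\\]", path)
    return any(seg.lower().rstrip(". ") in VCS_DIRS for seg in segments)


class DevHandler(http.server.SimpleHTTPRequestHandler):
    def send_head(self):
        # send_head() backs both GET and HEAD, so one check covers both.
        if is_vcs_path(self.path):
            self.send_error(404, "Not found")
            return None
        return super().send_head()


def make_server(root, host="127.0.0.1", port=0):
    """Serve `root`; loopback is the default, other hosts must be explicit."""
    handler = functools.partial(DevHandler, directory=root)
    return http.server.ThreadingHTTPServer((host, port), handler)


if __name__ == "__main__":
    srv = make_server(".", port=8000)  # port 8000 is an assumed value
    print("serving on http://%s:%d/" % srv.server_address[:2])
    srv.serve_forever()
```

Directory listings of the root still show the name `.git`; only requests into it are refused.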