ignore web deploy settings by default #950

Merged
merged 2 commits into from Apr 4, 2014

2 participants

@bbodenmiller

Allowing the *.pubxml files currently allows unencrypted database connection passwords to be stored in plain text. By default I don't think we should encourage people to store unencrypted passwords in repositories.

This relates to #674, #517, #775, & #837.

/cc @sayedihashimi, @niik, @steveoh, @Haacked, @ArturDorochowicz. I don't expect you all to agree with me but I am CCing you for the sake of transparency. Again I don't think passwords should be stored in repos by default.

@arcresu

Without knowing anything about *.pubxml files, it seems to me that you're right to make mention of it in the template since the reason it was removed initially was for security considerations. I'm reluctant to keep adding and removing this rule, but I think that adding the comment was a good idea, and ignoring it by default is probably sensible from a security perspective.

Since nobody else has weighed in with an opinion either way, I'm happy to go ahead with this. Thanks!

@arcresu arcresu merged commit 4dec759 into github:master Apr 4, 2014
@bbodenmiller bbodenmiller deleted the bbodenmiller:patch-1 branch Apr 4, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment