Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

ignore web deploy settings by default #950

Merged
merged 2 commits into from Apr 4, 2014

Conversation

Projects
None yet
2 participants
Contributor

bbodenmiller commented Feb 18, 2014

Allowing the *.pubxml files currently allows unencrypted database connection passwords to be stored in plain text. By default I don't think we should encourage people to store unencrypted passwords in repositories.

This relates to #674, #517, #775, & #837.

/cc @sayedihashimi, @niik, @steveoh, @Haacked, @ArturDorochowicz. I don't expect you all to agree with me but I am CCing you for the sake of transparency. Again I don't think passwords should be stored in repos by default.

bbodenmiller added some commits Feb 18, 2014

Collaborator

arcresu commented Apr 4, 2014

Without knowing anything about *.pubxml files, it seems to me that you're right to make mention of it in the template since the reason it was removed initially was for security considerations. I'm reluctant to keep adding and removing this rule, but I think that adding the comment was a good idea, and ignoring it by default is probably sensible from a security perspective.

Since nobody else has weighed in with an opinion either way, I'm happy to go ahead with this. Thanks!

arcresu added a commit that referenced this pull request Apr 4, 2014

Merge pull request #950 from bbodenmiller/patch-1
ignore web deploy settings by default for security, but add a TODO comment

@arcresu arcresu merged commit 4dec759 into github:master Apr 4, 2014

@bbodenmiller bbodenmiller deleted the bbodenmiller:patch-1 branch Apr 4, 2014

drothmaler pushed a commit to drothmaler/gitignore that referenced this pull request May 27, 2014

Merge pull request #950 from bbodenmiller/patch-1
ignore web deploy settings by default for security, but add a TODO comment

kaiserhl pushed a commit to kaiserhl/gitignore that referenced this pull request Jul 8, 2017

Merge pull request #950 from bbodenmiller/patch-1
ignore web deploy settings by default for security, but add a TODO comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment