Skip to content


ignore web deploy settings by default #950

merged 2 commits into from

2 participants


Allowing the *.pubxml files currently allows unencrypted database connection passwords to be stored in plain text. By default I don't think we should encourage people to store unencrypted passwords in repositories.

This relates to #674, #517, #775, & #837.

/cc @sayedihashimi, @niik, @steveoh, @Haacked, @ArturDorochowicz. I don't expect you all to agree with me but I am CCing you for the sake of transparency. Again I don't think passwords should be stored in repos by default.


Without knowing anything about *.pubxml files, it seems to me that you're right to make mention of it in the template since the reason it was removed initially was for security considerations. I'm reluctant to keep adding and removing this rule, but I think that adding the comment was a good idea, and ignoring it by default is probably sensible from a security perspective.

Since nobody else has weighed in with an opinion either way, I'm happy to go ahead with this. Thanks!

@arcresu arcresu merged commit 4dec759 into github:master
@bbodenmiller bbodenmiller deleted the bbodenmiller:patch-1 branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 18, 2014
  1. @bbodenmiller

    ignore web deploy settings by default

    bbodenmiller committed
    web deploy settings include unencrypted passwords
  2. @bbodenmiller
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 0 deletions.
  1. +2 −0 VisualStudio.gitignore
2 VisualStudio.gitignore
@@ -116,6 +116,8 @@ publish/
# Publish Web Output
+## TODO: Comment the next line if you want to checkin your web deploy settings but do note that will include unencrypted passwords
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
Something went wrong with that request. Please try again.