ignore web deploy settings by default #950

merged 2 commits into github:master from bbodenmiller:patch-1 Apr 4, 2014



bbodenmiller commented Feb 18, 2014

Allowing the *.pubxml files currently allows unencrypted database connection passwords to be stored in plain text. By default I don't think we should encourage people to store unencrypted passwords in repositories.

This relates to #674, #517, #775, & #837.

/cc @sayedihashimi, @niik, @steveoh, @Haacked, @ArturDorochowicz. I don't expect you all to agree with me but I am CCing you for the sake of transparency. Again I don't think passwords should be stored in repos by default.


arcresu commented Apr 4, 2014

Without knowing anything about *.pubxml files, it seems to me that you're right to make mention of it in the template since the reason it was removed initially was for security considerations. I'm reluctant to keep adding and removing this rule, but I think that adding the comment was a good idea, and ignoring it by default is probably sensible from a security perspective.

Since nobody else has weighed in with an opinion either way, I'm happy to go ahead with this. Thanks!

arcresu merged commit 4dec759 into github:master Apr 4, 2014

bbodenmiller deleted the bbodenmiller:patch-1 branch Apr 4, 2014
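
A check for the risk raised in this pull request, as an added example that is not part of the original thread or the gitignore project: it scans a publish profile's XML for connection-string passwords stored in plain text, so a profile can be reviewed before it is un-ignored and committed. The sample profile, its element layout and the function name `find_plaintext_passwords` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Connection-string keys that carry a secret (key=value;key=value syntax).
SECRET_KEY = re.compile(r"(?i)(?:^|;)\s*(password|pwd)\s*=\s*([^;]*)")

# Constructed sample profile, not taken from any real project.
SAMPLE_PUBXML = """<Project ToolsVersion="4.0"
    xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <WebPublishMethod>MSDeploy</WebPublishMethod>
    <UserName>deploy-user</UserName>
    <PublishDatabaseSettings>
      <Objects>
        <ObjectGroup Name="DefaultConnection">
          <Destination Path="Data Source=db.example.test;User ID=app;Password=CONSTRUCTED-SECRET" />
        </ObjectGroup>
        <ObjectGroup Name="ReportingConnection">
          <Destination Path="Data Source=db.example.test;Integrated Security=True" />
        </ObjectGroup>
      </Objects>
    </PublishDatabaseSettings>
  </PropertyGroup>
</Project>"""


def find_plaintext_passwords(pubxml_text):
    """Return (element tag, location, key) for each non-empty password found.

    Checks every attribute value and element text, so it does not depend on
    one particular publish-profile layout. The secret itself is not returned.
    """
    findings = []
    for elem in ET.fromstring(pubxml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        candidates = [("@" + name, value) for name, value in elem.attrib.items()]
        candidates.append(("text", elem.text or ""))
        for where, value in candidates:
            for match in SECRET_KEY.finditer(value):
                if match.group(2).strip():  # an empty Password= is not a leak
                    findings.append((tag, where, match.group(1)))
    return findings


if __name__ == "__main__":
    for tag, where, key in find_plaintext_passwords(SAMPLE_PUBXML):
        print(f"plaintext {key} in <{tag}> {where}")
```
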
