best practice for sensitive configuration data in source control?
I've seen a few approaches to this problem so I'm curious wha开发者_如何学JAVAt the SO community has to say about it.
If I have configuration data that is used for accessing a production database (specifically a connection string):
- Is it a bad idea to keep that information in source control (e.g. another avenue of attack for hackers)?
- If you aren't keeping it in source control then where would you keep it?
- Is this a case of "if they've gotten in to your source control server you're pretty screwed anyway"?
if you're worried about that issue (a concern which, frankly, I don't share), you can save your connection string encoded, with the key stored somewhere else (= a different server).
精彩评论