开发者

best practice for sensitive configuration data in source control?

I've seen a few approaches to this problem so I'm curious wha开发者_如何学JAVAt the SO community has to say about it.

If I have configuration data that is used for accessing a production database (specifically a connection string):

  • Is it a bad idea to keep that information in source control (e.g. another avenue of attack for hackers)?
  • If you aren't keeping it in source control then where would you keep it?
  • Is this a case of "if they've gotten in to your source control server you're pretty screwed anyway"?


if you're worried about that issue (a concern which, frankly, I don't share), you can save your connection string encoded, with the key stored somewhere else (= a different server).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜