4

We have recently hired new developers. Until now, we only have one developer who was committing all his changes on Visual SVN. But after new developers are hired, we are concerned about the security of our SQL credentials that reside in the web.config.

We either want (Not Prefered) to exclude web.config from the SVN and have all developers include their own version of web.config, which contains their SQL Connection string of the test machine. But we really don't need that. We want to have a class handle our sql connection string. That class should be designed in such a way that only the authorized computer should be able to connect to the production Sql server.

How does other teams tackle such an issue? can somebody help please?

bahrep
  • 29,961
  • 12
  • 103
  • 150
Shezi
  • 1,352
  • 4
  • 27
  • 51
  • You don't commit your changes "on Visual SVN" VisualSVN is merely a UI based on top of SVN, well TortoiseSVN really. (Hence the name "Visual" SVN). You commit your changes *using* SVN. You could look into encrypting the web.config. – Arran Nov 20 '13 at 10:59
  • Maybe i failed to explain my question. I am only concerned about leaking out my web.config, which has sql connection string in it. After other developers will check-out from SVN, I don't want them to see the connection string, rather, they should enter the connection string of their test environment. I don't know how and what to do about it. – Shezi Nov 20 '13 at 11:02

1 Answers1

5

You can store your connection strings in a seperate config file. You can use the configSource property to reference that file. That way, all developers will have their own connection strings. You add that specific file to the SVN ignore list, so it won't be sent to the SVN server when a commit is made.

<connectionStrings configSource="Config\connectionStrings.config"/>

Here's an example for the connectionStrings.config file:

<?xml version="1.0"?>
<connectionStrings>
    <add name="Name" 
     providerName="System.Data.ProviderName" 
     connectionString="Valid Connection String;" />
</connectionStrings>

There should be nothing else in the file. Just the <connectionStrings>...</connectionStrings> content. Also, check the MSDN documentation to see how the configSource attribute should be used.

Taylan Aydinli
  • 4,333
  • 15
  • 39
  • 33
  • can you please tell me the format of connectionstrings.config file? what will i have to code in it? please – Shezi Nov 20 '13 at 11:24