I recently realized that my project's .Publish.xml file is being committed to source control. While it seems like the FTP password in the file is encrypted, how safe is it to be storing? Can it be reverse engineered by 3rd parties?
Asked
Active
Viewed 3,124 times
14
1 Answers
10
Our own experiences of including the publish.xml file in source control are the password is not stored in clear text but another user can make use of the file to publish to the ftp account, so presumably whatever key is used to encrypt/encode the password is availible somewhere.
The other thing that we noticed was that if you try and publish the project without having the publish.xml file checked out it causes all sorts of problems, even to the extent of causing visual studio to hang, although we haven't conducted much further research into this yet.
benophobia
- 771
- 6
- 8
-
Thanks for the reply. In the end I noticed on my work machine that TFS does not store publish.xml in source control. With that, and the thought of others taking the publish.xml file out source control and using it without permission made me think to remove it from source control, and add git rules to ignore any future changes to it. – KallDrexx May 27 '11 at 17:44