I 开发者_运维百科recently realized that my project's .Publish.xml
file is being committed to source control. While it seems like the FTP password in the file is encrypted, how safe is it to be storing? Can it be reverse engineered by 3rd parties?
Our own experiences of including the publish.xml file in source control are the password is not stored in clear text but another user can make use of the file to publish to the ftp account, so presumably whatever key is used to encrypt/encode the password is availible somewhere.
The other thing that we noticed was that if you try and publish the project without having the publish.xml file checked out it causes all sorts of problems, even to the extent of causing visual studio to hang, although we haven't conducted much further research into this yet.
精彩评论