TFS2010 security on web.release.config
https://stackoverflow.com/questions/9040082
-
03-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We have a web application and I did the build and deploy scripts to dev, qa and production. In VS2010 I have the web.config and below that I have web.debug.config and web.release.config I have no issue that our developers can see the passwords for our development server but I have an issue that the web.release.config does a substitute on the connection string for the production DB and I cannot seem to hide it.
I there any way for me to keep this secure?
Solution
In VS2010 Source Control Explorer you can right-click on the web.release.config and select properties. Click the security tab and in there you can deny access to people you do not want to see the content of the file.
I have to allow developers to merge their development changes (on the dev server) to the production(trunk) so I created a group called "MergeGroup" and they are not allowed any access to only the xxx.release.config files but they can merge all the other files. The idea is that if a developer needs to merge code I put them in this group and once they are done I remove them from the group.
