Should server/database config files, including passwords, be stored in source control?

Question

I\'m looking to hear some best practices...

Assuming a web application that interacts with a few different production servers (databases, etc.)... should the configu

Answer 1

Problems with passwords in source code:

• hard to vary from one deployment to another (I don't want to have to modify source code in production)
• increased likelyhood of accidentally corrupting production database when doing development
• security issue (in most shops there is no reason for code/developers to know prod passwords)
• changed password requires redeployment

What I have found works the best is having a config checked in that uses mixture sane defaults and placeholders for deployment specific data. Our apps always look for a system config which allows the override of any variable. This allows the production machine to have a config appropriate for it's deployment.

Note: When I function as an admin I always manage configs separately from code (for good reason).