Password storage in source control

Question

We store all our application and db passwords in plain text in source control. We do this as our build/deploy process generates required configuration files and also does a

Answer 1

I've built systems where database userid/password pairs are not part of the code drop. The key is to setup a site-specific configuration mechanism. Then you can put such information on the box in question, without it being part of the code-base.

There's a bonus: you can not only have different passwords for different code drops, but also for different developers. :-)