{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 疯言疯语 的问题《Connection string on public repository》','https://www.manongdao.com/q-1150905.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
For example, I have hobby project - ASP MVC application. I want to share my code. And get some feedback, or, maybe, somebody will join me in development of the project. I setup public repository for it.
The question is following: How do I store web.config and connection string in it?
It contains address of my SQLServer, password and username. It would be seen. It's security breach. So, what's the common solution?
In this case don't store the connection string in your web.config. Store it in a separate config file which will not be committed to the public repository. If you are using git as source control add this file to .gitignore to ensure that other developers will not commit it neither.
Then add a README file with instructions on how another developer could get your project and set it up locally. You could even add some automated scripts. Explain that your project has a dependency to a SQL server and since you don't want to provide the connection string to your personal SQL server give a step by step guide from where the develop will need to download a compatible version of SQL, how to install it on their machines and in which file he needs to update the connection string. If your project depends on some initially seeded data you might need to provide scripts that will initialize the newly created database.
And remember: the less steps a developer needs to do on his own machine (in addition to cloning your public repository), the higher chances you have him willing to contribute on it. Ideally a button click should be all that it is required for your project to start.