1. 15

  2. 4

    While you shouldnt expose your .git folder to the world, its probably also good practice not to put credentials into your source control.

    1. 3

      There is a similar situation that we ran across for IIS. I can’t remember what the name of the default config file is, but IIS explicitly blocks access to it. What it did not block, however was the .bak file that ultra-edit left in place when you edited the file in production.