There is a similar situation that we ran across for IIS. I can’t remember what the name of the default config file is, but IIS explicitly blocks access to it. What it did not block, however was the .bak file that ultra-edit left in place when you edited the file in production.
While you shouldnt expose your .git folder to the world, its probably also good practice not to put credentials into your source control.
There is a similar situation that we ran across for IIS. I can’t remember what the name of the default config file is, but IIS explicitly blocks access to it. What it did not block, however was the .bak file that ultra-edit left in place when you edited the file in production.