Secure(ish) way to move web.config in to project w/o SQL passwords

[jeremy-farrance]

See either ACCU4.com or the CHRC App backend for reference. I REALLY like having DNN's web.config in the OHS project, but have avoided it mostly because (even though these repos are private) it includes things like SQL database account/login/passw info.

So to make this a little safer, this is the process. I have no idea if we should or how we would help account for this in this project or is it just a manual, post-deploy setup step.

Steps:

1. create a new file app/webConnections.config
2. add this file to .gitignore
3. copy the SQL connection info from web.config (at appx line 37) in to app/webConnections.config and save/upload, so it is just this:

<connectionStrings>
  <add name="SiteSqlServer" connectionString="Data Source=.\SQLSTD;Initial Catalog=dbname;User ID=dbusername;Password=s3cr3TSh3rE!" providerName="System.Data.SqlClient" />
</connectionStrings>

4. modify web.config to include this '` between the /configSections and appSettings tags in place of the stuff that is there now and upload
5. test, make sure its working ;)

So we are just moving the sensitive info to an include and git ignoring it.