Is it safe to store information such as usernames and passwords within comments in your source code? I am not worried about someone getting access to my source, but I am concerned with regard to someone decompiling my compiled Silverlight XAP file. Is anybody 100% sure if the compiler strips off commented code? I would assume it does, but I want to be sure.

Thanks!

+3  A: 

Is it safe to store user names and passwords in comments?

Probably not because IME too many people have access to your source code and likely someone you don't want reading them.

Are comments compiled into your application:

No

JaredPar
Great minds think alike.
Eric Lippert
@Eric, indeed.
JaredPar
Also, fools never differ.
Eric Lippert
+14  A: 

Are comments compiled into C# Silverlight Applications?

No.

I am not worried about someone getting access to my source

You should be.

Is it safe to store information such as usernames and passwords within comments in your source code?

Safe against what attack?

It is not safe against the attack of "a disgruntled employee copies the source code to their USB keychain and takes it home with them, so that they know your user names and passwords after you fire them", for example.

Nor is it safe in the scenario "you accidentally used some component that has a viral open source license and you are sued and legally required to release your source code to the public as-is, and you are now legally required to display your user names and passwords to the world".

Nor is it safe in the scenario "you decide to open-source your code and forget that somewhere in that hundred-thousand lines of code, there's a user name and password sitting right there."

Nor is it safe in the scenario "we gave a client a virtual machine with a trial version of the software but we forgot that a developer had been debugging the trial version on that virtual machine and she copied a bunch of the source code to the VM".

And so on.

It is a very, very bad idea to store user names and passwords in comments of source code. Too many people have access to source code. Save this information on a piece of paper in a locked filing cabinet behind a door that says "beware of the leopard".

And remember: always state the attack when you ask "is it safe?" Safety is always in the context of a particular attack.

Eric Lippert
+1 for the denouement 'always state the attack when you ask "is it safe?"'
Jesse C. Slicer
Hello Eric, I appreciate the feedback and understand your points. My concern was from the standpoint that I have an application I am building where I have security enabled, but I want to skip the ASP.NET authentication steps, so I pass it a hardcoded username and password, but I wanted to make sure that if I comment out those applicable lines of code and then compile the application and publish it, my debugging username and password would not be visible. I have been simply cutting the applicable lines, saving, compiling and publishing, and then pasting them back, but it is easy to forget to do that.
LarryDev
Having nothing to do with computers... "Is it safe?" - still makes me clench my teeth.
Michael Burr
Is it secret? Is it safe?
Eric Lippert
+1  A: 

Comments are ignored by the compiler. They will not be put into the output executable.

Shane Fulmer
A: 

Just because comments are ignored by the compiler does not mean that you should add comments like username and password to your code. As a good coding practice, you should not store such information in your code.

ARS
A: 

The answers have already covered it well; however, just in case it needs to be made clear, since this is a Silverlight question: any comments you include in your XAML will be included in the final XAP.

AnthonyWJones
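
A pre-publish check for the point in the answer above, as an added example that is not part of the original answers: a XAP is a ZIP archive, so this Python script reads every entry and reports XML comments found in the raw bytes, flagging those that look like credentials. It assumes the XAML is stored as UTF-8 text inside the entries (loose or embedded in an assembly); the sample archive, the keyword list and the function names are constructed for illustration.

```python
import io
import re
import zipfile

# XML comment bodies, matched on raw bytes so entries need not be decoded first.
COMMENT_RE = re.compile(rb"<!--(.*?)-->", re.DOTALL)
# Words suggesting a credential was left in a comment (constructed list, extend as needed).
SUSPICIOUS_RE = re.compile(rb"pass(word|wd)?|pwd|user(name)?|secret|token", re.IGNORECASE)


def scan_xap(xap_bytes):
    """Return (entry name, comment text, suspicious?) for every XML comment found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:
        for info in xap.infolist():
            data = xap.read(info)
            for match in COMMENT_RE.finditer(data):
                body = match.group(1).strip()
                text = body.decode("utf-8", errors="replace")
                findings.append((info.filename, text, bool(SUSPICIOUS_RE.search(body))))
    return findings


def build_sample_xap():
    """Constructed sample: a ZIP with a manifest and a fake assembly holding XAML text."""
    xaml = (b'<UserControl x:Class="Demo.MainPage">\n'
            b'  <!-- debug login: username=dev password=example-only -->\n'
            b'  <!-- layout root -->\n'
            b'  <Grid x:Name="LayoutRoot"/>\n'
            b'</UserControl>')
    # Stand-in for an assembly: binary padding around the embedded XAML text.
    fake_dll = b"MZ\x90\x00" + b"\x00" * 32 + xaml + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AppManifest.xaml", b'<Deployment EntryPointAssembly="Demo"/>')
        z.writestr("Demo.dll", fake_dll)
    return buf.getvalue()


if __name__ == "__main__":
    for name, text, suspicious in scan_xap(build_sample_xap()):
        flag = "REVIEW" if suspicious else "ok"
        print(f"[{flag}] {name}: {text}")
```

Run against the real build output by passing the bytes of the published `.xap` file to `scan_xap`; any `REVIEW` line is a comment that would ship to every client.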