tags:

views:

137

answers:

4
Q: 

in web application project, how to make the source code folder inaccessible?

I have a web application project and I have put my source code in a folder called "source". Now when I run the application I am able to see contents of "source" folder (it lists the code files) by appending the folder name to the url "/source" in IE.

How do I prevent this?

A: 

It sounds like you have directory browsing on....

Tell IIS not to allow directory browsing by unchecking it under the virtual directory tab for the application in IIS.

klabranche  2009-09-11 20:28:32
A: 

If this is IIS you can turn off directory browsing. Open the IIS manager and navigate to your application root. Expand the application root and right-click on the Source directory and choose Properties. In the Directory tab ensure that the Directory Browsing checkbox is left unchecked.

Hope this helps.

psuphish05  2009-09-11 20:30:24
A: 

Don't put your code online would be the obvious answer.

But you could restrict access with the web.config 

<location path="Source">
 <system.web>
  <authorization>
   <deny users="*"/>
   <deny roles="*"/>
  </authorization>
 </system.web>
</location>
Chad  2009-09-11 20:31:07
+4  A: 

The easiest, and most fool-proof, answer would be to put the source-code folder outside of the web root:

-var-+-www-+- htdocs
        |      |
        |      +- images
        |      |
        |      +- javascript
        |      |
        |      +- css
        |      |
        |      +- ...and so on...
        |
        +- source code
        |
        +- php includes
        |
        +- ...and so on...

The idea is that only the htdocs directory, and sub-directories, should be visible/accessible to web-browsers; the other directories should not be accessible at all, except via ftp (or the administration interface provided by your web host).

David Thomas  2009-09-11 20:40:04
+1 The technique of including files in your code that are out of the wwwroot or htdocs folder is the most simple and effective way to hide your code.
backslash17  2009-09-11 21:09:52

related questions

Which resolution to target for a Mobile App?
iPhone app that access the Core Location framework over web
Displaying version of underlying software in footer of web app?
How Did You Decide Between WISA and LAMP?
What strategies have you employed to improve web application performance?
What skills do you need for proper UI/Interaction/Functional design in Web Apps?
Storing logged in user details
How do you unit test web apps hosted remotely?
Broken chart images in Crystal Reports in web application
Best Way to Begin Learning Web Application Design
JRuby / Rack deployment
How to affordably release a Web App
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
iPhone web applications, templates, frameworks?
How do you stress test a web application?
RSS feeds from Gallery2
Recommendation for straight-forward python frameworks
Graphing JavaScript Library
What to use for login ID?
What's your opinion on using UUIDs as database row identifiers, particularly in web apps?
Implementing an online ordering system for a restaurant/cafe.
Web App Beta
What Hosting Service is best for Django applications?
How to make subdomain user accounts in a webapp