ASP.NET ascx.cs via GET

views:

answers:

ASP.NET ascx.cs via GET

Say I have this url: http://site.example/dir/

In this folder I have these files: test.ascx.cs and test.ascx

Just to be clear, I am not a .NET developer.

From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there?

I assume IIS filters out request that query these kind of files, but can someone explain me this?

Thank you.

+1 A:

You just explained it yourself. IIS won't serve those files.

John Saunders 2010-03-12 19:29:24

How about having those files there? Isn't there a way to "compile" them and than deploy? Is it safe to have those files there?

Alexandru Luchian 2010-03-12 19:31:03

@Heavy: yes, don't use "web site projects". Always use "Add->New Project" to add a web application project. It compiles all such files into a single DLL. But it's not a security problem. If the server won't serve them, then it's not an issue.

John Saunders 2010-03-12 19:33:48

When you register ASP.NET with IIS (aspnet_regiis.exe) it will add common extensions and associate them with the ASP.NET handler. As far as the .cs extension is concerned it is filtered and not served by IIS. It is absolutely safe to have these files there, but I would recommend you to use an ASP.NET application project (in contrast to ASP.NET website) which is precompiled and you don't need to deploy source code files on your server.

alt text

Darin Dimitrov 2010-03-12 19:31:27

ansaurus

tags:

views:

answers:

ASP.NET ascx.cs via GET

related questions