Hello all,
Asp.net webformview engine is quite flexible and easy to be used in the projects.
I have been facing with a small problem recently. SECURITY!
I want my users to design the web pages in front. BUT!! with a small code, the people who have bad intention, can get the content of my dll files in bin folder.
e.g.
<%
System.IO.FileStream fileStream = new System.IO.FileStream(Server.MapPath("\\bin") + "\\TestReader.dll", System.IO.FileMode.Open, System.IO.FileAccess.Read);
try
{
System.IO.StreamReader sr = new System.IO.StreamReader(fileStream);
string s = sr.ReadToEnd();
Response.Write(s);
sr.Close();
}
finally
{
fileStream.Close();
}
%>
The code above gives me the content of the file. What I want is to forbid some namespaces that can be used in webforms! Is it possible to do that?
Or any other advise?? To tell the truth, I do not want to use any other viewengine. Unless I can do what I want, I will use another viewengine.
Thanks