tags:

views:

37

answers:

4
+1  Q: 

Deploy all files in a website or just the ones required to run it?

Hi..

Just wondering is there any drawbacks to publishing a ASP .NET web application by copying all the files in it? (That means all the .cs, .csproj files will be included in the published folder)

So far I can think that the published folder's total size may become a little bigger (but that a negligible issue for me).

+1  A: 

I would also have some security concerns here as you are posting files to a (production?) server that have no business being there. If one was to compromise your server or find a way to get those files from IIS, they could in theory gain access to all of the .cs files used to create your dll's for your web app. Space is another concern as well.

Tommy  2010-06-01 13:15:19
IIS by default blocks downloads of code files (.cs, .vb). Can't find a reference for it at the moment...
Will  2010-06-01 13:17:18
Yes, I know this, but if his server was compromised in some way or if the IT guys get some idea that IIS should serve up .cs files, that wouldn't really matter. I guess, for me, it is the pricipal of least amount of stuff needed to make something work. Sort of like, well our firewall blocks service A, so it doesn't matter if it is running or not. If your not using it, close the hole.
Tommy  2010-06-01 13:30:46
A: 

What, apart from making the publishing process more complex than need be?

Will  2010-06-01 13:15:46
+1  A: 

When publishing the codebehind-files malicious users could access your code, and find an opening for attacks.

rdkleine  2010-06-01 13:16:21
+1  A: 

I do only the files needed to run the site, but more from an intellectual property standpoint. The business logic and data access stuff is mine. My client gets what they need to run their site and go about their business. They didn't pay me to know how I accomplish those things. I want them to have to come back to me and need me to make a change, not pass it off to someone else who might benefit from my design (although, that's doubtful, I've seen my code).

Anthony Potts  2010-06-01 13:31:57

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps