One of the other developers at my company wrote a .NET 2.0 web site. He stores everything...solution, project, source...everything inside of "inetpub\AppName" (the IIS share). I have never seen this done before. In fact I'm kinda surprised the website loads up in a browser. Are there any disadvantages to doing this over say...storing your solution in the visual studio 2010 projects folder and then publishing the website to inetpub (security, speed, etc)? Also, Why does this work?
+1
A:
There's really no reason it shouldn't work, but it's generally considered a bad idea. Is he developing directly on the shared site? That's scary. Even if he isn't, that's putting a lot of files on a shared site that shouldn't be there. The server may be configured not to return them, but one shouldn't get comfortable relying on that.
Even on his local machine, it's bad practice. If for no other reason than it doesn't properly mimic the published site and makes for a bad place to test things.
David
2010-08-12 20:32:48
A:
I'd say it's bad practice. Your entire code is at the mercy of the web server. If the server is hacked the code is a freebie reward.
del.ave
2010-08-12 20:36:13
I agree it's bad practice, but have no misconceptions that a compiled DLL hides your source. Decompilers can easily extract source from .Net DLL's.
itchi
2010-08-12 22:39:30
+2
A:
It works because the site would be compiled on the fly. This is bad from performance point of view (because the late compilation) and it's bad from security point of view (you're exposing your code more than necessary).
From MSDN
Because ASP.NET compiles your Web site on first user request, you can simply copy your application's source code to the production Web server. However, ASP.NET also provides precompilation options that allow you to compile your Web site before it has been deployed, or to compile it after it has been deployed but before a user requests it. Precompilation has several advantages
Claudio Redi
2010-08-12 20:36:32
+1
A:
There's nothing special about the Inetpub folder—it's just the default web server root by convention. Nothing about it will prevent IIS from displaying ASPX pages if it's also part of a solution (which is only referenced in the project file's XML). You can also point IIS to the project directory in the Visual Studio Projects folder.
Mark Cidade
2010-08-12 20:42:58
+1
A:
Storing userdata on C: is usually bad practice (specially for a programmer). Most of us have a data partition that contains just userdata which is backed-up frequently or use a source repository on another server.
If you're on a secure LAN and just developing by yourself there is really no problem putting the solution in InetPub. However if you use the same IIS to publish to the world i wouldn't recommend it. You never know who might get to your precious gems.
Jeroen
2010-08-12 20:49:59