The <compilation> element controls compiler settings that are used for dynamic page compilation, which is initiated when a client requests a Web page (.aspx file) or Web service (.asmx file). It is important that debug builds are not used on the production server because debug information is valuable to attackers and can reveal source code details.
This element controls the compilation process. Make sure that debug compiles are disabled on production servers. Set debug="false" as follows :
<compilation debug="false" explicit="true" defaultLanguage="vb" />
By default, temporary files are created and compiled in the following directory:
%winnt%\Microsoft.NET\Framework\{version}\Temporary ASP.NET Files
You can specify the location on a per application basis using the tempDirectory attribute, although this provides no security benefit.
Note | The ASP.NET process identity specified on the <processModel> element requires Full Control access rights on the temporary compilation directory. |
Make sure you do not store debug files (with .pdb extensions) on a production server with your assemblies.