Debugging

Previous page
Table of content
Next page

The <compilation> element controls compiler settings that are used for dynamic page compilation, which is initiated when a client requests a Web page (.aspx file) or Web service (.asmx file). It is important that debug builds are not used on the production server because debug information is valuable to attackers and can reveal source code details.

<compilation>

This element controls the compilation process. Make sure that debug compiles are disabled on production servers. Set debug="false" as follows : 

 <compilation debug="false" explicit="true" defaultLanguage="vb" />

By default, temporary files are created and compiled in the following directory: 

 %winnt%\Microsoft.NET\Framework\{version}\Temporary ASP.NET Files

You can specify the location on a per application basis using the tempDirectory attribute, although this provides no security benefit.

Note  

The ASP.NET process identity specified on the <processModel> element requires Full Control access rights on the temporary compilation directory.

Make sure you do not store debug files (with .pdb extensions) on a production server with your assemblies.



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
SQL Hacks
Introducing Microsoft ASP.NET AJAX (Pro - Developer)
Twisted Network Programming Essentials
Junos Cookbook (Cookbooks (OReilly))
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy