Re: asp.net source code?


From: Kevin Spencer (kspencer_at_takempis.com)
Date: 07/28/04


Date: Wed, 28 Jul 2004 10:48:27 -0400


> Isn't it better not to have the code behind files on the server, just the
> .aspx and .dll files? In which case even if the hacker did gain access to
> the file system they would still need to decompile the .dll files since
> source files do not exist on the server.

If anyone could gain access to my server's file system, I would consider
that a MUCH bigger (read "EMERGENCY") security hole.

-- 
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
"Ryan Riddell" <RyanRiddell@discussions.microsoft.com> wrote in message
news:356EEA2C-D036-4934-B7B0-8891BD4F9F96@microsoft.com...
> Isn't it better not to have the code behind files on the server, just the
> .aspx and .dll files?  In which case even if the hacker did gain access to
> the file system they would still need to decompile the .dll files since
> source files do not exist on the server.
>
> "Kevin Spencer" wrote:
>
> > You couldn't program with .Net if you couldn't view/edit the source code.
> > ;-)  If you're asking if you can view the source code inside a compiled DLL,
> > well, that depends. First, one would have to gain access to the file, which,
> > unless one has permission, is highly unlikely. Assuming that some hacker did
> > gain access to the DLL, well, they could view the MSIL code that is in the
> > DLL, yes. Of course, if you use an obfuscator when building your DLLs, that
> > isn't going to happen either. Finally, if you haven't compiled a DLL, and
> > are using scripted CodeBehind, again, someone would have to gain access to
> > these files in order to view the source code. And we're back to the same
> > issue we started with again. If you're concerned about Security, the bottom
> > line is this: How good would your server's security be if people could gain
> > access to the file system? Because that is the only way anyone could
> > possibly view the source code for any .Net class on the server.
> >
> > -- 
> > HTH,
> > Kevin Spencer
> > .Net Developer
> > Microsoft MVP
> > Big things are made up
> > of lots of little things.
> >
> > "Jay" <me@somewhere.com> wrote in message
> > news:#OeHVGKdEHA.592@TK2MSFTNGP11.phx.gbl...
> > Is it possible to view the source code for .NET classes?
> >
> > Thanks.
> > Jay
> >
> >
> >

