Publishing Websites and Security

Chris - 23 Jul 2007 00:08 GMT
I am looking at publishing websites via VS. One thing I am unclear about is
security. These are probably stupid questions...

Our network people are really cagey about opening up FTP on the server. I
think the bosses have a fear of someone logging on and stealing all the source
code so we have some really ridiculous ways of deploying things. So a couple
of questions:

The precompiled code - is it really easy to reverse engineer?
The http route - how secure is this? How do you prevent people from
capturing the upload, do you need to do it over an SSL line or does VS take
care of that?
Would there be a way of making the deployment process one way? You can
upload but you can't download.
And this is really stupid but how do you secure it so only certain people
can deploy? I don't see that in the tutorials.

Regards, Chris.

Mark Rae [MVP] - 23 Jul 2007 00:21 GMT
> The precompiled code - is it really easy to reverse engineer?

It's as easy as any other compiled .NET assembly, because that's what it is.
There are obfuscation tools available:
http://www.preemptive.com/products/dotfuscator/ and others...

> The http route - how secure is this.

As secure as the http protocol is, because that's what it uses...

> How do you prevent people from capturing the upload, do you need to do it
> over an SSL line or does VS take care of that.

Visual Studio.NET won't automatically secure an upload natively for you...

> Would there be a way of making the deployment process one way. You can
> upload but you can't download.

That's not really a Visual Studio.NET question... Something like that would
need to be done at network level...

> And this is really stupid but how do you secure it so only certain people
> can deploy. I don't see that in the tutorials.

Well, one possibility would be to use Web Deployment Projects:
http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx They deploy a
solution onto your network, so you could restrict access to the deployment
folder as required. Then, you would FTP the files from the deployment folder
to your website, using an FTP account for which only your network
administrators know the password...

Your organisation maybe needs to take a bit of a step back here, though, and
ask itself just how secure does all this *really* need to be...

There's paranoid, and then there's paranoid...

Mark Rae
ASP.NET MVP
http://www.markrae.net
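
Restricting access to the deployment folder, as suggested in the reply above, comes down to NTFS permissions on that folder. The following is an added example, not code from the thread or from either poster; the folder path and group names are placeholders, and it assumes an elevated PowerShell session on the machine that hosts the folder.

```powershell
# Placeholders (assumptions, not from the thread): adjust to your environment.
$DeployPath = 'D:\Deploy\MySite'        # hypothetical deployment folder
$Deployers  = 'CONTOSO\WebDeployers'    # hypothetical group allowed to publish
$Admins     = 'BUILTIN\Administrators'
$System     = 'NT AUTHORITY\SYSTEM'

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path $DeployPath

# Stop inheriting from the parent folder and drop the inherited entries,
# so a broad grant higher up (e.g. to Users) no longer applies here.
$acl.SetAccessRuleProtection($true, $false)

# Remove explicit entries left over from earlier configuration.
foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($old)
}

# Grant only what is needed: admins and SYSTEM full control, deployers Modify.
$grants = @(
    @{ Id = $Admins;    Rights = 'FullControl' },
    @{ Id = $System;    Rights = 'FullControl' },
    @{ Id = $Deployers; Rights = 'Modify' }
)
foreach ($g in $grants) {
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $g.Id, $g.Rights, $inherit, $prop, $allow
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $DeployPath -AclObject $acl

# Verify: re-read the ACL and fail if any identity outside the list has access.
$expected   = @($Admins, $System, $Deployers)
$unexpected = (Get-Acl -Path $DeployPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $expected -notcontains $_.IdentityReference.Value
}
if ($unexpected) {
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited
    throw "Unexpected access entries remain on $DeployPath"
}
'Deployment folder ACL restricted to: ' + ($expected -join ', ')
```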

