Publishing Websites and Security

Discussion in 'ASP .Net' started by Chris, Jul 23, 2007.

  1. Chris

    Chris Guest

    I am looking at publishing websites via VS. One thing I am unclear about is
    security. These are probably stupid questions...

    Our network people are really cagey about opening up FTP on the server. I
    think the bosses have a fear of someone logging on and stealing all the source
    code so we have some really ridiculous ways of deploying things. So a couple
    of questions:

    The precompiled code - is it really easy to reverse engineer?
    The http route - how secure is this? How do you prevent people from
    capturing the upload, do you need to do it over an SSL line or does VS take
    care of that?
    Would there be a way of making the deployment process one way? You can
    upload but you can't download.
    And this is really stupid but how do you secure it so only certain people
    can deploy? I don't see that in the tutorials.

    Regards, Chris.
     
    Chris, Jul 23, 2007
    #1

  2. "Chris" <> wrote in message
    news:...

    > The precompiled code - is it really easy to reverse engineer?


    It's as easy as any other compiled .NET assembly, because that's what it is.
    There are obfuscation tools available:
    http://www.preemptive.com/products/dotfuscator/ and others...

    > The http route - how secure is this.


    As secure as the http protocol is, because that's what it uses...

    > How do you prevent people from capturing the upload, do you need to do it
    > over an SSL line or does VS take care of that.


    Visual Studio.NET won't automatically secure an upload natively for you...

    > Would there be a way of making the deployment process one way. You can
    > upload but you can't download.


    That's not really a Visual Studio.NET question... Something like that would
    need to be done at network level...

    > And this is really stupid but how do you secure it so only certain people
    > can deploy. I don't see that in the tutorials.


    Well, one possibility would be to use Web Deployment Projects:
    http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx They deploy a
    solution onto your network, so you could restrict access to the deployment
    folder as required. Then, you would FTP the files from the deployment folder
    to your website, using an FTP account for which only your network
    administrators know the password...


    Your organisation maybe needs to take a bit of a step back here, though, and
    ask itself just how secure does all this *really* need to be...

    There's paranoid, and then there's paranoid...


    --
    Mark Rae
    ASP.NET MVP
    http://www.markrae.net
     
    Mark Rae [MVP], Jul 23, 2007
    #2
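
The FTP step described in the reply above, sketched as an added example (not code from the thread or from either poster): a PowerShell script that pushes the restricted deployment folder to the web server over FTP with explicit TLS, so neither the account password nor the precompiled files cross the network in clear text. The folder path, the host name `ftp.example.com` and an FTP server that accepts explicit TLS are assumptions.

```powershell
# Added example. Assumptions (not from the thread): the deployment folder path,
# the host ftp.example.com, and an FTP server that supports explicit TLS.
param(
    [string]$DeployFolder = 'C:\Deploy\MySite',           # hypothetical path
    [string]$FtpRoot      = 'ftp://ftp.example.com/site'  # hypothetical host
)
$ErrorActionPreference = 'Stop'   # abort the deployment on the first failed upload

# Prompt for the deployment account so the password is never stored in the script.
$cred = (Get-Credential).GetNetworkCredential()

function New-FtpsRequest([string]$Uri, [string]$Method) {
    $req = [System.Net.FtpWebRequest][System.Net.WebRequest]::Create($Uri)
    $req.Method      = $Method
    $req.Credentials = $cred
    $req.EnableSsl   = $true   # explicit TLS: login and file contents are encrypted
    $req.UseBinary   = $true
    $req.KeepAlive   = $false
    return $req                # server certificate is validated by .NET by default
}

$root = (Resolve-Path $DeployFolder).Path.TrimEnd('\')

# Create remote directories first; sorting by path puts parents before children.
Get-ChildItem $root -Recurse | Where-Object { $_.PSIsContainer } |
    Sort-Object FullName | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length).Replace('\', '/')
        try {
            $req = New-FtpsRequest ($FtpRoot + $rel) ([System.Net.WebRequestMethods+Ftp]::MakeDirectory)
            $req.GetResponse().Close()
        } catch {
            # Usually the directory already exists from an earlier deployment.
            # A real connection or TLS problem will stop the uploads below.
        }
    }

# Upload every file in the deployment folder.
Get-ChildItem $root -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $rel   = $_.FullName.Substring($root.Length).Replace('\', '/')
    $req   = New-FtpsRequest ($FtpRoot + $rel) ([System.Net.WebRequestMethods+Ftp]::UploadFile)
    $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
    $out   = $req.GetRequestStream()
    $out.Write($bytes, 0, $bytes.Length)
    $out.Close()
    $resp  = [System.Net.FtpWebResponse]$req.GetResponse()
    Write-Host "$rel -> $($resp.StatusDescription.Trim())"
    $resp.Close()
}
```

If the server's certificate is not trusted by the machine running the script, the first request fails rather than falling back to plain FTP.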