Publishing Websites and Security

C

Chris

I am looking at publishing websites via VS. One thing I am unclear about is
security. These are probably stupid questions...

Our network people are really cagey about opening up FTP on the server. I
think the bosses have a fear of someone logging on a stealing all the source
code so we have some really ridiculous ways of deploying things. So couple
of questions:

The precompiled code - is it really easy to reverse engineer?
The http route - how secure is this. How do you prevent people from
capturing the upload, do you need to do it over an SSL line or does VS take
care of that.
Would there be a way of making the deployment process one way. You can
upload but you can't download.
And this is really stupid but how do you secure it so only certain people
can deploy. I don't see that in the tutorials.

Regards, Chris.
 
M

Mark Rae [MVP]

The precompiled code - is it really easy to reverse engineer?

It's as easy as any other compiled .NET assembly, because that's what it is.
There are obfuscation tools available:
http://www.preemptive.com/products/dotfuscator/ and others...
The http route - how secure is this.

As secure as the http protocol is, because that's what it uses...
How do you prevent people from capturing the upload, do you need to do it
over an SSL line or does VS take care of that.

Visual Studio.NET won't automatically secure an upload natively for you...
Would there be a way of making the deployment process one way. You can
upload but you can't download.

That's not really a Visual Studio.NET question... Something like that would
need to be done at network level...
And this is really stupid but how do you secure it so only certain people
can deploy. I don't see that in the tutorials.

Well, one possibility would be to use Web Deployment Projects:
http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx They deploy a
solution onto your network, so you could restrict access to the deployment
folder as required. Then, you would FTP the files from the deployment folder
to your website, using an FTP account for which only your network
administrators know the password...


Your organisation maybe needs to take a bit of a step back here, though, and
ask itself just how secure does all this *really* need to be...

There's paranoid, and then there's paranoid...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top