Protect bin folder from direct download

P

Pavils Jurjans

Hello,

My ASP.NET hoster has made a separate folder in my hosting space and
configured it as separate application in IIS. Further, I created "bin"
folder in this directory, and put in my aspx pages that all use code-behind.
All works fine, but I was dismayed finding out that is is possible to write
direct URL to an assembly in the bin folder, and IIS would allow to download
pure code. That's somewhat very worg, isn't it?

What should I tell my hoster to do inorder to fix this? Actually I was
expecting that IIS6 handles this automatically and makes the bin folder
accessible only to CLI, and does not expose it's contents to http requests.

Thanks,

Pavils
 
G

George Ter-Saakov

Actually this is your hoster fault.
In IIS Managment Console they should revoke read permissions from this
folder. So IIS will not serve any file to the browser from that folder.
Those permissions are given only through IIS Managment Console.

Do not mistake them with file "read" permission to IIS account or ASP.NET
account.
IIS must be able to read the DLL and load it into the memory.

George.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

bin folder? 4
DLL & Bin folder hell. 1
create cgi-bin ? 2
Managing files in bin folder 3
Reference dll from a folder other than bin 3
Remove Class Library Reference from BIN folder 3
Assembly works when placed in \Bin folder, but not GAC 3
NO DLL in bin folder after building 2

Members online

Total: 72 (members: 1, guests: 71)
Robots: 430

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,815
Latest member
treekmostly22

Latest Threads

Top