Publishing Websites and Security

C

Chris

I am looking at publishing websites via VS. One thing I am unclear about is
security. These are probably stupid questions...

Our network people are really cagey about opening up FTP on the server. I
think the bosses have a fear of someone logging on a stealing all the source
code so we have some really ridiculous ways of deploying things. So couple
of questions:

The precompiled code - is it really easy to reverse engineer?
The http route - how secure is this. How do you prevent people from
capturing the upload, do you need to do it over an SSL line or does VS take
care of that.
Would there be a way of making the deployment process one way. You can
upload but you can't download.
And this is really stupid but how do you secure it so only certain people
can deploy. I don't see that in the tutorials.

Regards, Chris.
 
M

Mark Rae [MVP]

The precompiled code - is it really easy to reverse engineer?
Click to expand...

It's as easy as any other compiled .NET assembly, because that's what it is.
There are obfuscation tools available:
http://www.preemptive.com/products/dotfuscator/ and others...
The http route - how secure is this.
Click to expand...

As secure as the http protocol is, because that's what it uses...
How do you prevent people from capturing the upload, do you need to do it
over an SSL line or does VS take care of that.
Click to expand...

Visual Studio.NET won't automatically secure an upload natively for you...
Would there be a way of making the deployment process one way. You can
upload but you can't download.
Click to expand...

That's not really a Visual Studio.NET question... Something like that would
need to be done at network level...
And this is really stupid but how do you secure it so only certain people
can deploy. I don't see that in the tutorials.
Click to expand...

Well, one possibility would be to use Web Deployment Projects:
http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx They deploy a
solution onto your network, so you could restrict access to the deployment
folder as required. Then, you would FTP the files from the deployment folder
to your website, using an FTP account for which only your network
administrators know the password...


Your organisation maybe needs to take a bit of a step back here, though, and
ask itself just how secure does all this *really* need to be...

There's paranoid, and then there's paranoid...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Want to host websites that I will probably be the only user from home. Sacrilege, I know, but it has always been a dream of mine. Where do I start? 2
publishing a website security 0
Hello all! Noob here with completely unrealistic ambitions. Happy to join the crew and get good enough to help others. 4
Backup, synchronization and publishing 2
Computer Security Information (Free Articles and eBooks) 0
Simple security between prototype iPhone app and SimpleHTTPServerREST service? 0
Security experts from Cyberoam, Novell, Wipro, IBM all at one place@Security Conf (April 9th, Mumbai 0
[OT] Looking for help with security issue 3

Members online

Total: 60 (members: 2, guests: 58)
Robots: 468

Forum statistics

Threads
473,995
Messages
2,570,228
Members
46,816
Latest member
nipsseyhussle

Latest Threads

Top