ASP.NET ascx.cs via GET
Say I have this url: http://site.example/dir/
In this folder I have these files: test.ascx.cs
and test.ascx
Just to be clear, I am not a .NET developer.
From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there?
I assume IIS filters out request that quer开发者_如何学Cy these kind of files, but can someone explain me this?
Thank you.
You just explained it yourself. IIS won't serve those files.
When you register ASP.NET with IIS (aspnet_regiis.exe) it will add common extensions and associate them with the ASP.NET handler. As far as the .cs
extension is concerned it is filtered and not served by IIS. It is absolutely safe to have these files there, but I would recommend you to use an ASP.NET application project (in contrast to ASP.NET website) which is precompiled and you don't need to deploy source code files on your server.
(source: wewill.cn)
精彩评论