Class files and performance

[Chris]

Are there any performance/general issues with putting classes in the .vb
files in the app_code folder rather than compiling them into assemblies

 

[Juan T. Llibre]

Only the first time any page in the app is run.
From that point on, all the files in App_Code will have been compiled, too.

I view this, not from a performace viewpoint but, from a security viewpoint.

I compile all my helper classes and upload the assembly/assemblies to the /bin directory.
That way, my precious code is safe in my development computer.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[Guest]

Right, but neither files from the APP_CODE folder nor assemblies from the
/bin folder are ever served anyway. The only security issue might be from a
rogue developer who has access to the files. And even in that case, if your
source files aren't available but your assemblies are, they can just
decompile them.
Yes? No?

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net

 

[Juan T. Llibre]

re:
!> The only security issue might be from a
!> rogue developer who has access to the files.

That's enough of a risk to be concerned about.
There's also other security risks, like unauthorized access.

re:
!> And even in that case, if your source files aren't available
!> but your assemblies are, they can just decompile them.
!> Yes? No?
!>

Decompilation isn't all that it's whooped up to be.
Yes? No?



Are you advocating that source code in the app_code directory is
less a security risk than compiled assemblies in the /bin directory ?

To me, that'd be surprising, Peter.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[Mark Rae]

Are you advocating that source code in the app_code directory is
less a security risk than compiled assemblies in the /bin directory ?

To me, that'd be surprising, Peter.

Me too, FWIW...

 

[Guest]

I'm not advocating anything here, just pointing out what seems to be
self-evident. I personally do not have an APP_CODE folder in any of my
production work.

However, my point, which you may have missed, is that somebody who wants
your code would need access to the IIS deployment folder in either case. If
that's a security issue, you could certainly make the case that leaving
source code there is less of a risk than your compiled assemblies, but the
fact of the matter is that I am on your box and I AM going to get your
"stuff" one way or the other - MWAHAHAHAH!

Peter
--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net

 

[Juan T. Llibre]

<chuckle>

Among two evils, I'd certainly choose the smaller one, though.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================