Config.web security
Hi,
putting the configuration in an xml file is very usefull (xcopy)
But there is no special security for this extension !
I do want to deploy a site with xcopy but don't want anyone to view my
configuration.
Nobody at the MS PDC could give me an explenation on this one,
it just seems like they have forgotten this or waht ?
Regards
Bart ten Velde
# 1 Re: Config.web security
Special Security?
Not sure I understand you here.
how are you viewing the config.web file?
MCA
"Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
news:3990016c@news.dev-archive.com...
> Hi,
> putting the configuration in an xml file is very usefull (xcopy)
> But there is no special security for this extension !
> I do want to deploy a site with xcopy but don't want anyone to view my
> configuration.
> Nobody at the MS PDC could give me an explenation on this one,
> it just seems like they have forgotten this or waht ?
>
> Regards
> Bart ten Velde
>
>
# 2 Re: Config.web security
Hi,
just by browsing to http://yourdomain/somesubfolders/config.web
I know the default config.web is put outside the application. but you can
override that one but putting a new one whereever in the tree of your
application. At least, that's how I understood it.
So this means one could browe to this file (if you haven't set security on
it).
Regards
Bart ten Velde
"Mike Amundsen" <mike@amundsen.com> wrote in message
news:39905219@news.dev-archive.com...
> Special Security?
>
> Not sure I understand you here.
>
> how are you viewing the config.web file?
>
> MCA
>
> "Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
> news:3990016c@news.dev-archive.com...
> > Hi,
> > putting the configuration in an xml file is very usefull (xcopy)
> > But there is no special security for this extension !
> > I do want to deploy a site with xcopy but don't want anyone to view my
> > configuration.
> > Nobody at the MS PDC could give me an explenation on this one,
> > it just seems like they have forgotten this or waht ?
> >
> > Regards
> > Bart ten Velde
> >
> >
>
>
# 3 Re: Config.web security
Hello,
do you run an old version of the SDK or have you played around your
config.web?
My standard config.web has the following line somewhere:
<add verb="*" path="*.web" type="System.Web.HttpNotFoundHandler" />
With this line, all requests for files ending in .web get a 404 error.
There is (in the PDC build) another omission in that .aspc is NOT protected
the same way, and this has been acknowledged to be a "bug" that will be
fixed.
But at least on my installs, by default .web is protected.
Thomas Tomiczek
"Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
news:399107a6@news.dev-archive.com...
> Hi,
> just by browsing to http://yourdomain/somesubfolders/config.web
> I know the default config.web is put outside the application. but you can
> override that one but putting a new one whereever in the tree of your
> application. At least, that's how I understood it.
>
> So this means one could browe to this file (if you haven't set security on
> it).
>
> Regards
> Bart ten Velde
>
>
>
>
> "Mike Amundsen" <mike@amundsen.com> wrote in message
> news:39905219@news.dev-archive.com...
> > Special Security?
> >
> > Not sure I understand you here.
> >
> > how are you viewing the config.web file?
> >
> > MCA
> >
> > "Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
> > news:3990016c@news.dev-archive.com...
> > > Hi,
> > > putting the configuration in an xml file is very usefull (xcopy)
> > > But there is no special security for this extension !
> > > I do want to deploy a site with xcopy but don't want anyone to view my
> > > configuration.
> > > Nobody at the MS PDC could give me an explenation on this one,
> > > it just seems like they have forgotten this or waht ?
> > >
> > > Regards
> > > Bart ten Velde
> > >
> > >
> >
> >
>
>
# 4 Re: Config.web security
Hi,
this is exactly what I was looking for !!!!!!!!
I was at the PDC but even on the 'ask the experts' evening,
no expert could give my that answer !
Thanks
Bart ten Velde
"Thomas Tomiczek" <thona@gmx.de> wrote in message
news:39911434@news.dev-archive.com...
> Hello,
>
> do you run an old version of the SDK or have you played around your
> config.web?
>
> My standard config.web has the following line somewhere:
>
> <add verb="*" path="*.web" type="System.Web.HttpNotFoundHandler"
/>
>
> With this line, all requests for files ending in .web get a 404 error.
>
> There is (in the PDC build) another omission in that .aspc is NOT
protected
> the same way, and this has been acknowledged to be a "bug" that will be
> fixed.
>
> But at least on my installs, by default .web is protected.
>
> Thomas Tomiczek
>
> "Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
> news:399107a6@news.dev-archive.com...
> > Hi,
> > just by browsing to http://yourdomain/somesubfolders/config.web
> > I know the default config.web is put outside the application. but you
can
> > override that one but putting a new one whereever in the tree of your
> > application. At least, that's how I understood it.
> >
> > So this means one could browe to this file (if you haven't set security
on
> > it).
> >
> > Regards
> > Bart ten Velde
> >
> >
> >
> >
> > "Mike Amundsen" <mike@amundsen.com> wrote in message
> > news:39905219@news.dev-archive.com...
> > > Special Security?
> > >
> > > Not sure I understand you here.
> > >
> > > how are you viewing the config.web file?
> > >
> > > MCA
> > >
> > > "Bart ten Velde" <Bart_tenVelde@ins.be> wrote in message
> > > news:3990016c@news.dev-archive.com...
> > > > Hi,
> > > > putting the configuration in an xml file is very usefull (xcopy)
> > > > But there is no special security for this extension !
> > > > I do want to deploy a site with xcopy but don't want anyone to view
my
> > > > configuration.
> > > > Nobody at the MS PDC could give me an explenation on this one,
> > > > it just seems like they have forgotten this or waht ?
> > > >
> > > > Regards
> > > > Bart ten Velde
> > > >
> > > >
> > >
> > >
> >
> >
>
>
