Deployments – Don’t deploy the wrong file to the wrong place

When deploying a website you should try to deploy the minimum amount of files required to run the site. If extra files are deployed, or deployed to the wrong place, these may leak information.

Examples include

  • WSDL files that are not required
  • DLLS deployed outside the bin directory. On some versions of IIS (out of the box) dlls outside the bin directory can be downloaded and then easily decompiled (you can control the files that can be downloaded via IIS mime types)
  • Read me or instructions

Basically get rid of the junk – if it does not serve a purpose remove it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s