-4

Why doesn't Visual Studio compile the source code (.cs) automatically before publishing, since they know perfectly well that the end-product website is going public? (Unless you're just building the website for your own fun.) Hackers can see .cs files and read "everything"!

What's the point of any encryption if they could just see the code and study it? I'm thoroughly confused! Someone please explain it to me?

Anders
  • 64,406
  • 24
  • 178
  • 215
Piggy Chu
  • 1
  • 1
  • 1
    You can deploy ASP.NET sites with compiled code. It's one of several possible configurations that can be used. – Matthew Dec 15 '17 at 11:25
  • 1
    I have no idea what your problem really is. The "encryption" you refer to is probably TLS which cares only about transport between browser and server and thus has nothing to do with securing the source code. And if the site is properly configured a visitor cannot see the source code of the application but of course can see the generated HTML and static resources like CSS, images etc. Of course somebody which hacked the server might get access to the source code. But if you have an attacker on your machine you have way more problems then just the source code. – Steffen Ullrich Dec 15 '17 at 11:34
  • "Hackers can see .cs files and read "everything"!" can you explain how hackers can see the files? Where and when can they see them? – schroeder Dec 15 '17 at 12:45

1 Answers1

2

Why VS don't compile its source codes (.cs) automatically before publishing its products!? ... if they could just see the code and study it

What does compiling achieve? There are endless products to decompile c#. Even if it couldn't be directly decompiled what is to stop an attacker looking at the compiled code to work out what is going on? If the computer can understand what it has to do.. a human can.

know perfectly that the end-product website is going public!?

The source files are not supposed to go public. You cannot retrieve them from the web server by default unless you specifically enable serving content from that directory.

Further to this it should not matter if they do go public. The only way this causes a problem is if you have hard coded credentials into the code or the code has issues leading to vulnerabilities. Many major web frameworks (which the rest of a website is built on) are open source. As are several of the major web servers available.

Hector
  • 10,893
  • 3
  • 41
  • 44