|
.net
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Development in IIS or on file systemASP.NET 2.0 installs web projects by default in the file system, leveraging
the increased security of the new personal web server, rather than relying on hacker prone IIS. However, it strikes me that this will add more headaches for testing because your development doesn't use IIS. For example, you lack the benefits of testing withing the VS IDE with debugging, as well as identifying IIS issues upfront. We work in an environment where Microsoft's updates are automatically downloaded and installed, keeping IIS ideally as up to date as Microsoft is able to make it. Aside from the obvious security benefit of not using IIS, are there other advantages/disadvantages/work arounds that should be considered here? Thanks in advance. Mark
Show quote
On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <m***@nojunkmail.com> At the risk of answering what appears to be, at least in part, awrote: >ASP.NET 2.0 installs web projects by default in the file system, leveraging >the increased security of the new personal web server, rather than relying >on hacker prone IIS. However, it strikes me that this will add more >headaches for testing because your development doesn't use IIS. For >example, you lack the benefits of testing withing the VS IDE with debugging, >as well as identifying IIS issues upfront. We work in an environment where >Microsoft's updates are automatically downloaded and installed, keeping IIS >ideally as up to date as Microsoft is able to make it. > >Aside from the obvious security benefit of not using IIS, are there other >advantages/disadvantages/work arounds that should be considered here? > loaded question, it's important to remember that development and test are two different stages. Jim Cheshire Yes - testing is certainly done beyond development. However, it is my
responsibility to test my software thoroughly prior to handing it to the tester. I can copy the files from the file system to my local IIS to test .... but again I lose the debug capabilities, not to mention the ease of finding problems just by working natively in IIS all the time. Also - no loaded question was intended. Microsoft has created a "safe" place for us to develop code, but it strikes me as a limited environment. I'd love feedback on how others intend to balance the need for feeling safe, and the desire for increased functionality. Once we have our team head down one path, it would be a pain to change it for everyone. Thanks again. Mark Show quote "Jim Cheshire" <nom***@nomail.com> wrote in message news:ggr1t15qeecd8ipa94cq9rs1vags9hk685@4ax.com... > On Fri, 20 Jan 2006 07:55:53 -0600, "Mark" <m***@nojunkmail.com> > wrote: > >>ASP.NET 2.0 installs web projects by default in the file system, >>leveraging >>the increased security of the new personal web server, rather than relying >>on hacker prone IIS. However, it strikes me that this will add more >>headaches for testing because your development doesn't use IIS. For >>example, you lack the benefits of testing withing the VS IDE with >>debugging, >>as well as identifying IIS issues upfront. We work in an environment >>where >>Microsoft's updates are automatically downloaded and installed, keeping >>IIS >>ideally as up to date as Microsoft is able to make it. >> >>Aside from the obvious security benefit of not using IIS, are there other >>advantages/disadvantages/work arounds that should be considered here? >> > > At the risk of answering what appears to be, at least in part, a > loaded question, it's important to remember that development and test > are two different stages. > > > Jim Cheshire > -- > Blog: > http://blogs.msdn.com/jamesche
Show quote
On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <m***@nojunkmail.com> Yes, the ASP.NET Development Server is a limited environment for sure.wrote: >Yes - testing is certainly done beyond development. However, it is my >responsibility to test my software thoroughly prior to handing it to the >tester. I can copy the files from the file system to my local IIS to test >... but again I lose the debug capabilities, not to mention the ease of >finding problems just by working natively in IIS all the time. > >Also - no loaded question was intended. Microsoft has created a "safe" >place for us to develop code, but it strikes me as a limited environment. >I'd love feedback on how others intend to balance the need for feeling safe, >and the desire for increased functionality. Once we have our team head down >one path, it would be a pain to change it for everyone. > There are several reasons why we chose to go that route, but one of the most important ones is that it allows developers to run and debug code as non-administrators. This has traditionally been a painful process, especially for educational institutions and government agencies. One thing that you may not have thought of is using the ASP.NET Development Server to debug content that physically exists on an IIS instance. In other words, say that you have a Web server called Web01. You can map a drive (say the G drive) on your development box that maps to the content of your Web site on the Web server. In VS 2005, you simply open your project using that file path. Then when you debug, you will actually run against the ASP.NET Development Server, but you can also browse the exact same content on the IIS instance. Jim Cheshire Interesting points. Thanks for the details. Assuming that our developers
are all admins on our boxes, and that we all have IIS installed locally on our machines, is there any good reason not to develop our applications right in our local IIS instances? Thanks again. Mark Show quote "Jim Cheshire" <nom***@nomail.com> wrote in message news:ri32t1pgc4fbui005rt08e3j384e30jl1b@4ax.com... > On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <m***@nojunkmail.com> > wrote: > >>Yes - testing is certainly done beyond development. However, it is my >>responsibility to test my software thoroughly prior to handing it to the >>tester. I can copy the files from the file system to my local IIS to test >>... but again I lose the debug capabilities, not to mention the ease of >>finding problems just by working natively in IIS all the time. >> >>Also - no loaded question was intended. Microsoft has created a "safe" >>place for us to develop code, but it strikes me as a limited environment. >>I'd love feedback on how others intend to balance the need for feeling >>safe, >>and the desire for increased functionality. Once we have our team head >>down >>one path, it would be a pain to change it for everyone. >> > > Yes, the ASP.NET Development Server is a limited environment for sure. > There are several reasons why we chose to go that route, but one of > the most important ones is that it allows developers to run and debug > code as non-administrators. This has traditionally been a painful > process, especially for educational institutions and government > agencies. > > One thing that you may not have thought of is using the ASP.NET > Development Server to debug content that physically exists on an IIS > instance. In other words, say that you have a Web server called Web01. > You can map a drive (say the G drive) on your development box that > maps to the content of your Web site on the Web server. In VS 2005, > you simply open your project using that file path. Then when you > debug, you will actually run against the ASP.NET Development Server, > but you can also browse the exact same content on the IIS instance. > > > Jim Cheshire > -- > Blog: > http://blogs.msdn.com/jamesche On Fri, 20 Jan 2006 13:15:55 -0600, "Mark" <m***@nojunkmail.com> No, in your scenario, you can certainly use the local IIS instance.wrote: >Interesting points. Thanks for the details. Assuming that our developers >are all admins on our boxes, and that we all have IIS installed locally on >our machines, is there any good reason not to develop our applications right >in our local IIS instances? > Jim Cheshire Mark,
To add to Jim's answer, at my main job (F+W Publications, Inc.) we develop on IIS and I develop using IIS for my own side business also. I prefer it that way for many of the same reasons you are thinking of doing it. And my setup is similar to yours in many ways. I would recommend doing one thing if you're worried about IIS possibly being compromised. Because we have our development boxes opened up at work (not to the public but internally) we run software firewalls and allow only local 127.0.0.1 access to IIS. That locks it down pretty tightly. Regards, -- Show quoteS. Justin Gengo Web Developer / Programmer Free code library: http://www.aboutfortunate.com "Out of chaos comes order." Nietzsche "Mark" <m***@nojunkmail.com> wrote in message news:ez8OAYfHGHA.3056@TK2MSFTNGP09.phx.gbl... > Interesting points. Thanks for the details. Assuming that our developers > are all admins on our boxes, and that we all have IIS installed locally on > our machines, is there any good reason not to develop our applications > right in our local IIS instances? > > Thanks again. > > Mark > > "Jim Cheshire" <nom***@nomail.com> wrote in message > news:ri32t1pgc4fbui005rt08e3j384e30jl1b@4ax.com... >> On Fri, 20 Jan 2006 08:26:08 -0600, "Mark" <m***@nojunkmail.com> >> wrote: >> >>>Yes - testing is certainly done beyond development. However, it is my >>>responsibility to test my software thoroughly prior to handing it to the >>>tester. I can copy the files from the file system to my local IIS to >>>test >>>... but again I lose the debug capabilities, not to mention the ease of >>>finding problems just by working natively in IIS all the time. >>> >>>Also - no loaded question was intended. Microsoft has created a "safe" >>>place for us to develop code, but it strikes me as a limited environment. >>>I'd love feedback on how others intend to balance the need for feeling >>>safe, >>>and the desire for increased functionality. Once we have our team head >>>down >>>one path, it would be a pain to change it for everyone. >>> >> >> Yes, the ASP.NET Development Server is a limited environment for sure. >> There are several reasons why we chose to go that route, but one of >> the most important ones is that it allows developers to run and debug >> code as non-administrators. This has traditionally been a painful >> process, especially for educational institutions and government >> agencies. >> >> One thing that you may not have thought of is using the ASP.NET >> Development Server to debug content that physically exists on an IIS >> instance. In other words, say that you have a Web server called Web01. >> You can map a drive (say the G drive) on your development box that >> maps to the content of your Web site on the Web server. In VS 2005, >> you simply open your project using that file path. Then when you >> debug, you will actually run against the ASP.NET Development Server, >> but you can also browse the exact same content on the IIS instance. >> >> >> Jim Cheshire >> -- >> Blog: >> http://blogs.msdn.com/jamesche > >  |
|||||||||||||||||||||||
Other interesting topics