Prohibiting access to web service resources?...

Peter Olcott
Posted: Fri Nov 06, 2009 6:16 pm

I want to build my first web service and I need to know more
about security.
(I already posted to
microsoft.public.dotnet.framework.aspnet.security with no
response).
Specifically, I want to make it completely impossible for
any outside user to have any access to any of the files
stored on the web server. This is to include any data files,
and the web service code. How do I do this?

Mark Rae [MVP]
Posted: Fri Nov 06, 2009 8:06 pm

"Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
news:efOdnTK_QM2nM2nXnZ2dnUVZ_tOdnZ2d at (no spam) giganews.com...
> Specifically, I want to make it completely impossible for any outside user
> to have any access to any of the files stored on the web server. This is
> to include any data files, and the web service code. How do I do this?

The only way to make files *COMPLETELY* inaccessible is not to host them on
a public website in the first place.

There are lots of things you can do to increase the level of difficulty in
accessing certain files, but you simply cannot 100% guarantee complete
inaccessibility.

E.g. you can use any sort of password protection. But what if by some
billion-to-one chance somebody guesses your password...?
--
Mark Rae
ASP.NET MVP
http://www.markrae.net

Scott M.
Posted: Fri Nov 06, 2009 10:11 pm

"Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
news:efOdnTK_QM2nM2nXnZ2dnUVZ_tOdnZ2d at (no spam) giganews.com...
> I want to build my first web service and I need to know more about
> security.
> (I already posted to microsoft.public.dotnet.framework.aspnet.security
> with no response).
> Specifically, I want to make it completely impossible for any outside user
> to have any access to any of the files stored on the web server. This is
> to include any data files, and the web service code. How do I do this?

Every public web server strives to be secure, but that doesn't mean there is
any foolproof way to keep a hacker out. The best you can do is do the best
you can do.

If you were going to host a web service on a Windows web server, you'd most
likely be serving it via IIS. Data files in ASP .NET are typically best
placed in the App_Data folder, which is a folder that IIS knows not to grant
outside access to. Your web.config file (or any file with a .config
extension) is also not served by IIS, and in a production environment, you
wouldn't have your source code (your .vb or .cs files) up on the server
anyway, you'd just have your compiled assembly (.dll), which is also kept in
a protected directory.

So, you really don't have to worry about the sensitive folders and files of
your web service being accessible to the outside world any more than you'd
worry about your entire server being hacked, which is not a .NET issue, but
a server security issue.

-Scott

Peter Olcott
Posted: Sat Nov 07, 2009 8:41 am

"Mark Rae [MVP]" <mark at (no spam) markNOSPAMrae.net> wrote in message
news:eLWq$Z0XKHA.4704 at (no spam) TK2MSFTNGP02.phx.gbl...
> "Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
> news:efOdnTK_QM2nM2nXnZ2dnUVZ_tOdnZ2d at (no spam) giganews.com...
>> Specifically, I want to make it completely impossible for
>> any outside user to have any access to any of the files
>> stored on the web server. This is to include any data
>> files, and the web service code. How do I do this?
>
> The only way to make files *COMPLETELY* inaccessible is
> not to host them on a public website in the first place.
>
> There are lots of things you can do to increase the level
> of difficulty in accessing certain files, but you simply
> cannot 100% guarantee complete inaccessibility.
>
> E.g. you can use any sort of password protection. But what
> if by some billion-to-one chance somebody guesses your
> password...?

With a 14 character password of random characters it would be
1 chance in 4,205,231,901,698,742,834,534,301,696.

Peter Olcott
Posted: Sat Nov 07, 2009 8:43 am

"Scott M." <s-mar at (no spam) nospam.nospam> wrote in message
news:usfgLf1XKHA.1268 at (no spam) TK2MSFTNGP04.phx.gbl...
> "Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
> news:efOdnTK_QM2nM2nXnZ2dnUVZ_tOdnZ2d at (no spam) giganews.com...
>> I want to build my first web service and I need to know
>> more about security.
>> (I already posted to
>> microsoft.public.dotnet.framework.aspnet.security with no
>> response).
>> Specifically, I want to make it completely impossible for
>> any outside user to have any access to any of the files
>> stored on the web server. This is to include any data
>> files, and the web service code. How do I do this?
>
> Every public web server strives to be secure, but that
> doesn't mean there is any foolproof way to keep a hacker
> out. The best you can do is do the best you can do.
>
> If you were going to host a web service on a Windows web
> server, you'd most likely be serving it via IIS. Data
> files in ASP .NET are typically best placed in the
> App_Data folder, which is a folder that IIS knows not to
> grant outside access to. Your web.config file (or any
> file with a .config extension) is also not served by IIS,
> and in a production environment, you wouldn't have your
> source code (your .vb or .cs files) up on the server
> anyway, you'd just have your compiled assembly (.dll),
> which is also kept in a protected directory.
>
> So, you really don't have to worry about the sensitive
> folders and files of your web service being accessible to
> the outside world any more than you'd worry about your
> entire server being hacked, which is not a .NET issue, but
> a server security issue.
>
> -Scott

Great, how do I make files and folders inaccessible?

Scott M.
Posted: Sat Nov 07, 2009 9:28 am

"Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
news:qfednY-IqNbz5GjXnZ2dnUVZ_oednZ2d at (no spam) giganews.com...
> "Scott M." <s-mar at (no spam) nospam.nospam> wrote in message
> news:usfgLf1XKHA.1268 at (no spam) TK2MSFTNGP04.phx.gbl...
>> "Peter Olcott" <NoSpam at (no spam) SeeScreen.com> wrote in message
>> news:efOdnTK_QM2nM2nXnZ2dnUVZ_tOdnZ2d at (no spam) giganews.com...
>>> I want to build my first web service and I need to know more about
>>> security.
>>> (I already posted to microsoft.public.dotnet.framework.aspnet.security
>>> with no response).
>>> Specifically, I want to make it completely impossible for any outside
>>> user to have any access to any of the files stored on the web server.
>>> This is to include any data files, and the web service code. How do I do
>>> this?
>>
>> Every public web server strives to be secure, but that doesn't mean there
>> is any foolproof way to keep a hacker out. The best you can do is do
>> the best you can do.
>>
>> If you were going to host a web service on a Windows web server, you'd
>> most likely be serving it via IIS. Data files in ASP .NET are typically
>> best placed in the App_Data folder, which is a folder that IIS knows not
>> to grant outside access to. Your web.config file (or any file with a
>> .config extension) is also not served by IIS, and in a production
>> environment, you wouldn't have your source code (your .vb or .cs files)
>> up on the server anyway, you'd just have your compiled assembly (.dll),
>> which is also kept in a protected directory.
>>
>> So, you really don't have to worry about the sensitive folders and files
>> of your web service being accessible to the outside world any more than
>> you'd worry about your entire server being hacked, which is not a .NET
>> issue, but a server security issue.
>>
>> -Scott
>
> Great, how do I make files and folders inaccessible?

Did you not read my message? Your App_Data folder, .dll and .config files
are already protected by IIS. And, you wouldn't publish your source code
files to the production server anyway. There's nothing you need to do to
make this stuff private.

Aside from this, you want to keep the server password private and employ a
strong hardware and software firewall scenario as you would on any
production public server.

-Scott
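
Added example, not part of any post in this thread: on IIS 7 and later, the built-in protection Scott describes for App_Data, bin and .config files is configured through Request Filtering (hidden segments and denied file extensions). The web.config fragment below extends the same protection to one more folder and one more extension; the folder name `PrivateData` and the extension `.dat` are hypothetical, and IIS 7 or later with the Request Filtering feature installed is assumed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Any URL containing one of these path segments is refused.
             On a default install the server-level list already holds
             App_Data, bin, App_Code and web.config, so do not add them
             again here: a duplicate entry is a configuration error. -->
        <hiddenSegments>
          <!-- Hypothetical extra folder for data the service reads from disk -->
          <add segment="PrivateData" />
        </hiddenSegments>
        <!-- Refuse direct downloads of a data-file type wherever it is stored.
             ".dat" is a hypothetical extension chosen for illustration. -->
        <fileExtensions>
          <add fileExtension=".dat" allowed="false" />
        </fileExtensions>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

After deployment, a request for a URL under the hidden folder should return 404 and be logged by IIS with substatus 404.8 (404.7 for the denied extension); the web service code can still read those files through the file system.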
All times are GMT - 5 Hours