将 PDB 调试文件留在实时服务器上是否存在任何安全问题?
将 .NET PDB 文件保留在真实服务器上是否存在任何安全问题?
我知道抛出异常可能需要更长的时间,但是谁会在正常执行期间抛出异常呢? :-)
但是从安全角度来看呢? 有什么问题吗?
Are there any security issues keeping the .NET PDB files on the real server?
I know that throwing exceptions might take a bit longer , but who throws exceptions during normal execution anyway? :-)
But from a security perspective? any issues?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
基本上,当涉及到查看时,PDB 就位于源代码下方,并且 ASP.NET/IIS 也不会阻止它们被下载。
现在人们肯定必须猜测程序集名称,这可能不太可能,但为什么要冒这个风险呢?
Basically PDBs are just below source code when it comes to poking about, and ASP.NET/IIS doesn't stop them from being downloaded either.
Now sure people would have to guess the assembly name, and that may be unlikely, but why take the risk?
嗯 - 对此我倾向于安全警告。 我认为你应该有 PDB,但不要在生产服务器上。 此外,您应该在任何实时系统上关闭“调试”。 调试是令人讨厌的,当你不需要它时你就不会想要它。
来自 Scott Guthrie:
设置部署零售machine.config 中的 =true:
这会覆盖调试、错误和跟踪设置,这将防止计算机本身之外的任何错误泄露。
既然您已关闭调试,没有错误或跟踪,为什么还要将 PDB 部署到生产服务器呢? 将它们存储在其他地方,甚至可能是您的开发服务器。 从开发到生产的代码升级脚本可以专门排除 PDB,但将它们存档,以便在您需要对生产进行调试时可用。
Hmm - I'd lean on the side of security caution on this. I think you should have PDBs, but not on production servers. Besides, you should have Debug turned off on any live system. Debug is nasty, and you just don't want it when you don't need it.
From Scott Guthrie:
Set deployment retail=true in your machine.config:
This overrides debug, error and trace settings, which will prevent any error disclosure outside of the computer itself.
So now that you have debug turned off, no error or trace on, why would you deploy PDB's to the production server? Store them somewhere else, perhaps even your development server. Your code promotion script from Dev to Production can specifically exclude the PDBs, but archive them so that they're available if you ever need to do debugging of production.
将 .PDB 文件发布到网站时,您可能遇到的唯一问题是发生异常,并且您忘记在 web.config 中设置 CustomErrors 属性。 堆栈跟踪将显示文件名和行号,这可能是一个安全问题。
我认为没有其他风险。
The only problem you may encounter when publishing .PDB files to your website is when an exception occurs, and you forgot to set the CustomErrors property in web.config. The stack trace will be displayed with file names and line numbers, which may be a security problem.
I don't think there are any other risks.
我认为一个公平的论点是,不将 PDB 留在实时服务器上也是一种风险。 在生产崩溃并且问题无法在开发或 UAT 上重现的情况下,诊断错误发生的位置会更加耗时(并且可能不可能)。
至少,与部署的 DLL 匹配的 PDB 应该位于生产服务器上某处的 ZIP 文件中。 如果您不在身边提供帮助,除您之外的其他人应该可以轻松找到它们。
另请参阅 PDB 文件:每个开发人员必须了解的内容< /a> 约翰·罗宾斯。
I think a fair argument is also that not leaving the PDBs on the live servers is a risk. In the case where production is crashing and the problems can't be reproduced on dev or UAT, it's much more time consuming (and perhaps impossible) to diagnose where the error is occurring.
At the very least, the PDBs that match the deployed DLLs should be in a ZIP file on the production server somewhere. They should be easily located by people other than yourself in case you aren't around to assist.
Also see PDB Files: What Every Developer Must Know by John Robbins.
如果您的系统在使用 PDB 时不安全,那么如果没有它们,系统也可能不安全。 显然,这取决于更好的错误报告对您的价值有多大。 就我个人而言,我非常看重这一点,因此倾向于部署 PDB。
If your system isn't secure with the PDBs, it's probably not secure without them. Obviously, it depends how valuable the better error reports are to you. Personally, I value that a lot, so tend to deploy the PDBs.
如果服务器是 IIS,则不会。 如果将这些文件保存在正确的位置(网站\bin),则不会向公众公开。 有时我会在 Web 服务器上找到中间(obj 目录)文件 - 这似乎是意外公开二进制文件的最喜欢的方式。 在任何情况下,如果你的 pdb 可见,你的 dll 也可见,这更糟糕。
正如 activa 所指出的,堆栈跟踪对于有或没有行号的黑客来说非常有用。 保密。
我假设您可能在真实服务器上运行的任何其他程序(服务等)根本无法公开访问。
If server is IIS, no. These files will not be exposed to the public if kept in the right places (website\bin). Occasionally I've found intermediate (obj directory) files on web servers - this appears to be a favorite way to accidentally publicize binaries. Any cases where your pdbs are visible, you dlls are also visible, which is worse.
As noted by activa, the stack trace is plenty useful to a hacker with or without line numbers. Keep it private.
I assume any other program you might be running on a real server - services, and so forth - isn't publicly accessible at all.
如果您向最终用户呈现失败的异常(也称为黄屏死机),则可能会带来攻击者更好地了解您的系统的风险。
可能的解决方案之一 - 制定异常处理策略:
.NET 中的开源异常处理块示例:
来自 Microsoft
理论
If you present failing exceptions to the end-user (aka in Yellow Screen of Death), then it might pose a risk of attacker a getting better insight into your system.
One of the possible solutions - to have an exception handling policy that:
Examples of Open Source Exception handling blocks in .NET:
From Microsoft
Theory