Why do I set Debug=False in my ASP.NET Applications when they go live in production?
A web.config of an ASP.NET application has a compilation element which exposes a Debug attribute that can be set to either “True” to produce release(retail) binaries or “False” for debug binaries.In both cases what is ultimately generated is binary ,but the way they are generated and the way they affect general performance of your ASP.NET application is very different.
- In most of the cases I don’t really need each page of my ASP.NET application to be compiled individually into separate assemblies (Debug=”True”). I know the cost of loading each assembly into memory and how it kills the performance. I would even delete global.asax for small ASP.NET applications where I don’t use it at all as it is also compiled into a separate assembly.
- I do really need the pages under each folder to be batch-compiled by arriving of the first request rather than multiple compilations upon requests to different pages. Be informed that batch compilation occurs at the directory level, not the application level and there is no batch-compilation when Debug=”True”.
- Many people bring up some lame excuses that our web server is behind the firewall and who cares about the security!!!! Well, that’s ludicrous that people never think about the problem ahead till they are in trouble. I’d say driving a hummer doesn’t mean that you shouldn’t buckle up, Firewall is cool but it doesn’t mean that you as a developer should forget about the security principles that you must consider in the project’s life cycle. When Debug=”True” is specified debug symbol file, compiler command line file, compiler output file, etc are all compiled and placed in the “WindowsMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET” in addition to the assembly. It means your source code is deployed to the production server and can easily be deciphered.Beside that the inclusion of debug information ALSO reduces performance. (but allows a debugger to be attached to step through the assembly’s code, and also allows ASP.NET to provide additional information when an exception is thrown such as the line on which the exception was thrown)
Microsoft offers an excellent whitepaper which I really suggest you to read before deploying your application to the production server.
Categories: Uncategorized