What are the suggested methods for using javascript files with MOSS 2007 ? in the 12 Hive somewhere or directly in the site's virtual directory in a scripts directory ? Or possibly as a embedded resource in a webpart ?
Personally, it all depends on what purpose the JavaScript files are going to serve. If they're going to be shared amongst multiple components then I would suggest placing them in the 12-hive. If however, they're going to be isolated to a single component - a web part for instance - then embedding them as a resource will work as well.
This article has a discussion about best practices for the deployment of web part resources which you may find useful, in concludes:
In this post, you have seen how to
both link to and embed Web Part
resources. Each has its own
advantages and disadvantages, mostly
boiling down to whether you need to
maintain the resource separately from
the Web Part. In both cases, the
resource file can be cached, so there
is little performance difference from
each option. Feel free to use one of
these two approaches for your next web
part.
I suggest you deploy these scripts in the 12-hive.
Having them in the 12-hive ensures fast access, which is important for scripts. You risk page rendering lag otherwise. More admin overhead as you must deploy them on all frontend webservers in your farm.
Having them in the content DB makes them more centrally manageble at the const of performance.
Mine where added to Sharepoint Designer in a folder I called "scripts" I think that puts it in the database.
We use a seperate scripts directory.
We use a similiar approach to images.
This allows us to share images and Javascript easily between our webparts, and custom applications which are available though Sharepoint.
This should also mean they're only downloaded once, and cached.
Related
Here it is my problem:
I developed an MVC site and currently using standard method to publish which will placed files & folders inside the server. All dll files go under BIN folder and so on with the Content and Views go to Content & Views folder.
The problem is this website is an admin panel designed for commercial hardware device (embedded windows OS), so exposing the views and content as a plain text file can't be an option since it will open vulnerability of hijacking/code stealing. Even the device will be packed in a sealed box, anyone who buy it can broke the case and when they are knowing that the device run in windows environment then anything of security breach may happen, including stole the views code to be copied/changed for any purpose.
So I would need to secure the MVC files. I imagine if MVC can be published in secure files, e.g put all the content and views inside dll files.
By default there is an assumption that whoever has access to your views and DLLs is trusted. If they have your files, they can do whatever they want with them.
By the nature of HTML, there is no point in trying to conceal your content files such as javascript and CSS. These files are served to the client regardless, so they are always retrievable.
If you want to put your views into DLLs, you can look into RazorGenerator.
A Custom Tool for Visual Studio that allows processing Razor files at design time instead of runtime, allowing them to be built into an assembly for simpler reuse and distribution.
Please note that what you're doing is known as security through obscurity.
[ ... ] security through obscurity is the use of secrecy of the design or implementation to provide security
Security through obscurity is discouraged and not recommended by standards bodies.
MVC views should never contain business logic, only formatting logic and that is it. Moreover, since C# code is compiled into Intermediate Language (IL), anyone can reverse the process and get the source code.
In such case, you need an obfuscator to mingle the IL to make it difficult to hack, but that this not 100% guaranteed to prevent hackers from reverse engineer you IL (DLL and exe).
The best thing to do is to establish a comprehensive way of testing the admin panel and to facilitate a robust update process, so in case anything went wrong, you push your updates as quickly as possible.
Is it good practice to have a production (live) asp.net website that is also a working copy to push updates?
In general this is considered bad practice primarily because the source control repository contains the source whereas the production application contains the result. The two are kept separate for a number of reasons:
Security. If your source is on your production server, it's at risk of being viewed. Maybe this is a problem, maybe it's not. The safe approach is to just not have the source on the production server.
Performance. The result of building the source can be optimized for performance in ways that the source itself generally isn't. In a .NET application, for example, the production deployment doesn't contain debugging symbols. This may not be an issue in your particular application, but it's something to consider.
Multiple Results. Is your source an actual application, or is it information used to build an application? Can multiple versions be built? For example, in a .NET web application, you might have Web.config transforms. These are used at deploy-time to adjust the result of building the source. If the source itself is being used as the live application, these deploy-time modifications aren't available.
Others may be able to articulate this much better than I can, but in general it is considered bad practice, yes. Your particular application may be an exception to any particular reason or may not be meaningfully affected by any particular reason, so I stress the "in general" part.
Depending on the layout of your project, there may be some security concerns. For instance, if you have a .txt file with some sensitive information, keep in mind that it will accessible in your site.
Anything in App_Code or any .cs, .vb, .config, etc files will not be served by ASP.NET, so you can put stuff you don't want people seeing there.
Also, for initial loading performance, you should precompile your site via the VS Publish command or the Web Deployment Project addin (assuming you're working with a web site project). You could create an svn branch for the precompiled, deployable code and use that branch on your server.
You can use services like http://springloops.io or http://deployhq.com to only push certain folders to a server. That gives you a lot of flexibility in pushing code to deployment.
There is a lot of action in the CSS/JS bundling+minification space with MVC4 and things like Cassette, but I can't seem to find one that supports uploading to a CDN natively.
We use Rackspace Cloud Files and it requires that we upload (via their API no less) our assets directly - it doesn't do an origin-pull.
Right now, we have MSBuild script that does this for us, but it is very difficult to maintain and work with.
If you could map a drive, I think RequestReduce MIGHT get you what you want out of the box. It performs bundling and minification at runtime and provides some configuration options that allow you to specify the drop location of generated assets to any UNC path. The intent of this config is for web farm scenarios that have a dedicated share for static assets. I'm wondering if this might work for you. It also exposes an interface that allows you to essentially take over the process of saving and retrieving assets from any durable store. It comes with a local disk store and there is a SqlServer store provided as a separate Nuget package. I've had others propose writing ones for Azure blob or amazon ec3. Its a bit involved but not too horrible. At any rate its free, it provides background image spriting and optimization which few others provide and there is another Nuget package that adds Less/Sass/Coffee compiling. Its used by Microsoft on alot of the MSDN/Technet properties.
I run the project and would be happy to answer any questions via the Github Issues page.
Just wondering is there any drawbacks to publishing a ASP .NET web application by copying all the files in it? (That means all the .cs, .csproj files will be included in the published folder)
So far I can think that the published folder's total size may become a little bigger (but that a negligible issue for me).
I would also have some security concerns here as you are posting files to a (production?) server that have no business being there. If one was to compromise your server or find a way to get those files from IIS, they could in theory gain access to all of the .cs files used to create your dll's for your web app. Space is another concern as well.
When publishing the codebehind-files malicious users could access your code, and find an opening for attacks.
I do only the files needed to run the site, but more from an intellectual property standpoint. The business logic and data access stuff is mine. My client gets what they need to run their site and go about their business. They didn't pay me to know how I accomplish those things. I want them to have to come back to me and need me to make a change, not pass it off to someone else who might benefit from my design (although, that's doubtful, I've seen my code).
What, apart from making the publishing process more complex than need be?
Okay, so ASP.net allows one to embed Images into an Assembly and access them using WebResource.axd.
I just wonder: What are the Pros/Cons of using Web Resources instead of Images in a folder on the Web Server, like how it's being traditionally done?
This article mainly mentions ease of deployment, but that doesn't seem to justify the extra amount of work.
One clear scenario is: third party controls.
I really don't want to deal with different script/image files for controls we are not developing. With embedded resources, its just the .dll file and that's it :).
The same applies if you are developing custom web controls that you will be using across different web sites.
I built custom controls that used by three different applications in same machine. When I maintain scripts for controls, I can forget deploying the new script file to every application.
In this scenario, it's good to embed resources into assembly and deploy assembly to GAC.
But the good point about external files (not embedding resources) is that, sometimes you realize a bug in script files. deploying it without resetting application is a good thing in an online application.
here is the rule i think it is the best,
if you have resources that wont change that often like, scripts, images. then you are better embed them in resources.
but if you have resources, that change versions like Jquery, then you should create properties to point to those external resources.
hope this helps
For me it is just a an another not-killer-feature added in ASP.NET . I do not think that it was implemented with serving a lot of content in mind but some times the added ease of deployment matters, then you gain some benefit. Question is when?
Microsoft states that they use it for eg. to serve forms validation scripts, and that due to caching it should not affect performance. That creates isolation for the controls and their scripts, so you do not have to worry about them yourself when adding them to your site.
So for me, if you think it helps you deploying user/server controls you can try. For serving images in general? I would not bother.
I would not put images into the assembly. It's just too much work for no apparent benefit. Is it faster? Probably not as Reflection-like speeds would be called in to get to the resource. Is it harder to maintain, you bet!
Why would a high-end developer be needed when the business wants to update a logo for example?