Top ASP 101 Stories Connections, Commands, And Procedures What is ASP? VBScript Classes: Part 1 of N QUICK TIP: Reduce Web Form Spam by Checking Server Variables Show All Tips >>  ASP 101 Updates

Quick Tips

You've probably heard that you shouldn't deploy applications with debugging enabled. Even the default error message that tells you how to enable debugging has a warning in it reminding you to disable it again before you deploy your application. But how are you going to be sure you never forget?

Well here's a quick and easy way to be sure all your production applications run with debugging disabled. Take a look at the retail attribute of the deployment element in the system.web section of your web server's machine.config file. By default your machine.config file is located in something like C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG and if you open it up and look for the deployment element you won't find one. The lack of an entry is equivalent to the following:

<system.web>
  <deployment retail="false" />
</system.web>

But if you add the entry and switch the setting to true:

<system.web>
  <deployment retail="true" />
</system.web>

you'll be rewarded with a production environment which doesn't allow tracing, custom errors, or debugging. Not only does this ensure your applications will perform as they should, it also locks down some information which could be advantageous to potential hackers. For example, with the retail attribute set to "true", run-time error messages no longer display the ASP.NET version in their footer as they otherwise would.

For more information, check out the documentation for the Deployment Element (ASP.NET Settings Schema) on MSDN.

Now you can debug to your heart's content on your development machine and still rest easy that your applications are performing their best on the server.

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.