You've probably heard that you shouldn't deploy applications with debugging enabled.
Even the default error message that tells you how to enable debugging has a warning in it
reminding you to disable it again before you deploy your application.
But how are you going to be sure you never forget?
Well here's a quick and easy way to be sure all your production applications run with
debugging disabled. Take a look at the retail attribute of the deployment element
in the system.web section of your web server's machine.config file. By default your machine.config file
is located in something like C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG and if you open it
up and look for the deployment element you won't find one. The lack of an entry is equivalent
to the following:
you'll be rewarded with a production environment which doesn't allow tracing, custom errors, or debugging.
Not only does this ensure your applications will perform as they should, it also locks down some
information which could be advantageous to potential hackers. For example, with the retail attribute set to
"true", run-time error messages no longer display the ASP.NET version in their footer as they