Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there any security issues leaving the PDB debug files on the live servers?

Are there any security issues keeping the .NET PDB files on the real server?

I know that throwing exceptions might take a bit longer , but who throws exceptions during normal execution anyway? :-)

But from a security perspective? any issues?

like image 532
Tore Nestenius Avatar asked Jun 01 '09 07:06

Tore Nestenius


People also ask

Are PDB files safe?

PDBs do not contain source code; they only contain a link to the file that was used at compile time. That way, people could figure out the local file structure of the build server, which might be considered as a security risk.

Should I distribute PDB files?

Answers. PDBs are required for debugging and store debugging information and they are created when you compile the application. Unless you plan to debug in production there is no need and you should aim to deploy in release mode.

Why do we need PDB?

PDB files are symbol files for Windows-based executable's. Without these files, it's not possible to get a readable C-level stack trace from the OpenEdge executable's on Windows platforms.


2 Answers

If your system isn't secure with the PDBs, it's probably not secure without them. Obviously, it depends how valuable the better error reports are to you. Personally, I value that a lot, so tend to deploy the PDBs.

like image 98
dommer Avatar answered Oct 13 '22 00:10

dommer


I think a fair argument is also that not leaving the PDBs on the live servers is a risk. In the case where production is crashing and the problems can't be reproduced on dev or UAT, it's much more time consuming (and perhaps impossible) to diagnose where the error is occurring.

At the very least, the PDBs that match the deployed DLLs should be in a ZIP file on the production server somewhere. They should be easily located by people other than yourself in case you aren't around to assist.

Also see PDB Files: What Every Developer Must Know by John Robbins.

like image 39
Alex Angas Avatar answered Oct 13 '22 00:10

Alex Angas