New (self-taught) developer question..

[jasonhendee]

Alright, so I am learning .Net, and plan to do some customizations to the CommerceBuilder source eventually.

But for now, we are launching a new AC707 site without any source customizations. I have customized some of the ConLibs, and placed them into the 'Custom' folder / pointed my scriptlets to the modified versions - all is working as expected.

My inexperienced question is this: do I have to 'build' the website / compile it in VWD or VS before uploading to my web server and launching? My web hoster is suggesting that what I gave him with all of the '.cs' files in the App_Code directory shouldn't be present on a live site, but should rather be compiled into dlls for security & performance. Is he correct? Or is it good to go as is?

[mazhar]

There are two type of deployment modes for ASP.NET websites compiled or non compiled. AbleCommerce comes with non compiled mode out of the box. This was done in order to keep AbleCommerce development/deployment easy for merchants. So you did the right thing by giving him complete AbleCommerce package. Now regrading his suggestion about pre compiled website, if you want to do this then you will be required to make some changes in AbleCommerce to make it support compiled deployment.

[jasonhendee]

I see. Are there any security risks of running non compiled? Or does it simply compile at runtime? His fear was that potential hackers could see the source and more easily find a way in, etc. It just seems that in my efforts to learn .Net, nothing I've come across so far really explains the compilation process, steps necessary, pros / cons. My primary learning source so far has been a book called 'Head First C#' which admittedly focuses more so on forms applications than web development.

Anyone have any good info they could point me towards on the topic of compiling code? To those developers among us - how did you go about learning best practices for web development? Any other self-taught developers out there? Thank you all for any suggestions you may have!

[AbleMods]

Are there any security risks of running non compiled? Or does it simply compile at runtime? His fear was that potential hackers could see the source and more easily find a way in, etc

The short answer is "no", you don't need to worry about it.

IIS will handle compiling the site, but only from an efficiency standpoint. The source-code aka code-behind files are still on the server. Building an entire application like AC7 into a compiled form is a major undertaking and rarely necessary.

Even if you did manage to fully compile the entire app, unless you obfuscate the DLL a de-compiler will simply undo all your hard work in about 30 seconds........

However IIS by design does not permit anonymous access to those code files. With a properly configured web.config file and Windows Server permissions, the possibility drops to near-zero. It's is bullet-proof? Of course not. Nothing ever is.

Able has some documentation at http://help.ablecommerce.com/ that explains what minimum NTFS permissions are required for AC7 to function. This would be a good step towards securing the website.

Second, go snag a book or two on IIS. The education will go a long way towards helping you understand how .Net ties together with IIS. A book with emphasis on IIS security would be an obvious plus. Set up an internal IIS setup using the same OS as your deployment environment. Then try to make it secure without breaking the site. The geek in you will be happy you did

If someone wanted to see the code of his website, all they have to do is download the demo of AbleCommerce 7....

As far as doing a VS "build web site", I do it every time before I deploy. Why? Because it easily catches something I missed or forgot about. If I can't get the entire web site to build, something isn't right. It may have no effect whatsoever on the site, but I like a clean application. I don't like knowing something's in there that could bite me later.

As far as best-practices, my story is kinda fairy-tale. I've been a Dbase/Clipper/FoxPro programmer for 20 years. 3 years ago I walked out of the store with a .Net 4 Dummies book. Seriously. I couldn't spell .Net when I bought that book. 6 weeks later I wrote my Quickbooks module. 3 years later I run a full-time business doing AbleCommerce modules, consulting and customizations. Do what you love and you'll never work another day in your life

You could probably find some useful articles from my early days on my site http://support.ablemods.com/ and my blog http://www.ablemods.com/blog/

Feel free to drop me a note if you hit any walls, I'll try to help as much as my schedule permits. If you think it could benefit others, throw it in the forums. Lots of great developers here with a vast array of knowledge and experience.

[jasonhendee]

@AbleMods - thank you so much for your detailed response. Sorry I haven't had time to comment until now - been busy with the launch of our site . I do truly appreciate your insight, and will certainly be looking into some good books such as what you have suggested.

I probably should have chosen a book geared specifically for .Net web development instead of the one I chose initially - 'Head First C#' - but at the same time, I'm sure once I grasp the fundamentals of the technology as a whole, it won't be too difficult to apply that knowledge towards different aspects of .Net implementation. And the way that the Head First series of books is designed is certainly much more engaging than your typical "reference" book with tons of text and a few screen shots on the page. So I've definitely been happy with the book I chose from that angle.

Great to know that you folks are very forgiving and patient with a new developer! Thanks for being so welcoming in this forum - you don't find that too much in forums of any kind these days.

[AbleMods]

Glad to be of help.

My learning curve with .Net was pretty steep, so I'm happy to save others at least some of the pain I endured. Coming from a Foxbase/Clipper/FoxPro dBase environment made that learning curve seem more like a learning mountain.

The .Net environment works very differently from the "normal" programming I was used to doing. It really does take a totally different mindset when designing new pages. Understanding the life cycle of a page and how browsers interact with server-side code on postback was challenging. With some practice and a few long nights, you'll get the hang of it. Just be patient. If this stuff were simple, everyone would be doing it

[jmestep]

As an added note- I read on some website (I think it was Coding Horror) where the programmer said that website programming was so much easier than other types of programming. I could tell he hadn't done much website programming- on different types of programming you don't have to worry about the things Joe mentioned- page life cycle, browser differences, etc. It is a lot harder when you have to take those things into consideration.