1

I am developing a Windows service in C#. When I do the test of the service I get the debug folder inside the bin folder.

I know if I want to make a deployment I should create a release folder.

But my question is: if I took the files from the debug folder and deploy them into our servers, would that cause any issues or security vulnerabilities?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
asmgx
  • 7,328
  • 15
  • 82
  • 143
  • Does this answer your question? [What is the difference between Debug Mode and Release Mode in Visual Studio 2010?](https://stackoverflow.com/questions/5338733/what-is-the-difference-between-debug-mode-and-release-mode-in-visual-studio-2010) and https://stackoverflow.com/questions/367884/what-is-the-difference-between-debug-and-release-in-visual-studio – Klaus Gütter Dec 19 '21 at 19:44
  • Well, they'll run slower (debug builds are not optimized). Why do you want to do this? Most of the time, developers work with debug builds (since, debug). Then you deploy release builds to a test environment(s) to validate everything. That way you are comfortable with the build you'll release to production. I've been working with .NET stuff for 20 years, I'm comfortable in saying that your release build will run the same as your debug build (unless _you_ did something to break the equivalence). – Flydog57 Dec 19 '21 at 19:45
  • Issues? Maybe slightly lower performance. Security vulnerabilities? Unlikely – Caius Jard Dec 19 '21 at 19:51
  • no, it will not cause, but it is better to deploy them as "release". It will remove a lot of junk from the trunk. There is a reason why release, debug modes are available. In release config you might have different settings, then in dev/degub mode – Imir Hoxha Dec 19 '21 at 19:56

1 Answers1

0

No, there won't be any issues for C# applications. There will be issues if your program also includes native (e.g. C++) components, because you then require special libraries to be present on the target system, which are normally not there. But for .NET applications, there's no such thing as a debug runtime, so a program will run and work just the same whether it's compiled as debug or as release. The only difference is that the debug version will be slightly slower and maybe bigger.

There's also no (extra) security vulnerability added by running a program in debug mode. Rather the opposite actually, because release removes assertions you might have placed in your code and so your program fails to abort if something unexpected happens. It will be easier to dissassemble your program if it is a debug build, but unless you have some unrelated security leak, the program code is not available for anyone to look at, and "security trough obscurity" doesn't work, anyway.

So it's perfectly fine to test with a debug build on the server, this will even allow you to nicely perform some remote-debugging in case the program behaves differently than on your computer. But in the end, you should swap to release.

PMF
  • 14,535
  • 3
  • 23
  • 49