Are there any security issues leaving the PDB debug files on the live servers?

Question

Are there any security issues keeping the .NET PDB files on the real server?

I know that throwing exceptions might take a bit longer , but who throws exceptions duri

Answer 1

If server is IIS, no. These files will not be exposed to the public if kept in the right places (website\bin). Occasionally I've found intermediate (obj directory) files on web servers - this appears to be a favorite way to accidentally publicize binaries. Any cases where your pdbs are visible, you dlls are also visible, which is worse.

As noted by activa, the stack trace is plenty useful to a hacker with or without line numbers. Keep it private.

I assume any other program you might be running on a real server - services, and so forth - isn't publicly accessible at all.