Vulnerability in EPiServer.Forms
I have some questions regarding the magic modulesbin folder in CMS 7. I can't seem to find any documentation for it so I thought I'd better ask here. From what I have understood, this folder contains files related to add-ons.
What's the recommended strategy for handling the modulesbin folder? Should it be source-controlled? Do we update on one dev machine and then check in changes?
Does this folder need to be writable on production servers? Or is it enough that it is writable on dev machines?
Should it be included in the deploy? (I assume yes).
Thanks in advance!
As you state, the modulesbin folder is part of the Add-On framework. All bin-files from Add-Ons installed on the site will be placed and loaded from this folder when the site starts up. Regarding whether this folder needs to be writable and/or source controlled depends somewhat on your strategy for allowing customers to install and upgrade add-ons theirselves or if you intend to let developers handle this.
If you intend to allow Add-On installations and upgrades on the live servers these folders needs to be writable. If you want to keep these Add-Ons in source control is up to you, for instance depending if you want to have an similar dev and production environment.
If you intend to control installation and upgrades of Add-Ons you should probably make sure that no one has access to the Add-Ons UI and perhaps lock down write permissions on the live servers.