current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Information Security Stack Exchange is a question and answer site for information security professionals. Join them; it only takes a minute:

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote 1 down vote favorite

Source maps are a convenient way to work with directly with code that has been obfuscated and/or minified, yet trace errors back to the original "pretty" code.

My understanding is that obfuscating and minifying code generally does not do anything useful from a security standpoint, so my instinct is that providing files that reverse this process shouldn't be a problem. And providing them can lead to better error reports and faster reproducing of live problems.

Is there any good security reason to include or restrict the presence of .map files on live production web servers?

share|improve this question
1  
Anything not directly related to the main service has no place on live production rigs. By reducing attack surface you are protecting (somewhat) from unknown threats. – Deer Hunter Feb 12 at 19:46

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.