Hi all,
I have a problem here. There is an off-the-shelf application (Web) that I have been asked to support and maintain. I've set up the application in a testing environment, and in production. It has a configuration file that contains the url of the web application. I think it uses it to point back to a local web service.
Now, the thing is someone suggested that it would be good to have this url to be "localhost" - that way the configuration file is the same in all environments. Should I have used the actual url test.tinyurl.com and prod.tinyurl.com, we end up having different config file for each environment.
Now, I know ways to get around this if it was my own web applications. I would use some sort of machine.config, environment tokens in registry, etc.. But, unfortunately this is a third party software.
I guess now my real question is - Is it okay to use localhost in production config files? What are the CONS of doing this?
Security risk first comes in my mind. Can anyone elaborate more on using localhost in production config?
Thanks
Regards