Hi all, This is maybe more of an ethical security question. but its IIS related..
I've been asked to put an existing internal (web forms) aspx application securely on to the internet.
I am re-writing this as an MVC app but its going to be a good 9 to 12 months before its ready.
Now, I've added tables for logins, and implemented forms authentication.
Now an interesting security feature.. As an extra layer of security, I'm considering adding this to the internet but without an online DNS entry. This is so no one will every find it?? Each user has a company pc/laptop which I can roll out a hosts file entry to the online application name/IP address.
my question: is that secure enough to prevent a hacker from finding it, getting in? hiding the site so it cant be discovered and forms authentication.
tia D