Is There Any Reason to Remove System.Diagnostic.Trace Calls from a .NET MVC Production Application?

I hope this isn't a dumb question, but I am writing a .NET MVC application and I was going to heavily use System.Diagnostics during development. If so, I was just going to leave all of those calls (mostly Trace.WriteLine), in the application once it goes to production.

Is there any reason (performance, security, etc...) to not leave System.Diagnostics calls in an application? Maybe certain parts of that library? I had heard that with some libraries (like libraries that use reflection) you have to be careful how you use it because you could potentially expose your application to certain types of attacks.

Any thoughts on what I should beware of would be helpful (if there is anything).

Answers


All calls use CPU and Memory.

You dont need to remove this from your code, you can disable System.Diagnostics.Trace calls to be compiled.

System.Diagnostics.Trace are ConditionalAttribute.

https://msdn.microsoft.com/en-us/library/system.diagnostics.Trace.aspx:

In Visual Studio projects, by default, the "DEBUG" conditional compilation symbol is defined for debug builds, and the "TRACE" symbol is defined for both debug and release builds. For information about how to disable this behavior, see the Visual Studio documentation.

How to disable:

Compilers that support ConditionalAttribute ignore calls to these methods unless "TRACE" is defined as a conditional compilation symbol. To define the "TRACE" conditional compilation symbol in C#, add the /d:TRACE option to the compiler command line when you compile your code using a command line, or add #define TRACE to the top of your file. In Visual Basic, add the /d:TRACE=True option to the compiler command line or add #Const TRACE=True to the file.

Happy to help you!


This is the reason why you should look into ETW and use Eventsource calls for logging.

[Event(2, Level = EventLevel.Error)]
public void TaskCreate(long TaskId) 
{ 
    if (IsEnabled()) 
       WriteEvent(2, TaskId); 
}

This demo event shows that it only gets fired if an active listener is listening to Events for a ETW provider. So ONLY if you use Perfview or Windows Performance Recorder (which is part of the WPT/Windows SDK) to capture a trace, the events are written. If not, the Event never gets raised.


Leaving any unnecessary code in could have implications. First that comes to mind is performance. If those Diagnostic calls use up system resources, even just a little, it could have an impact. It could cause longer running times, etc.

The second part that you already covered was security. Anytime you expose internal parts of your code, it allows the potential for exploitation. It might be minor, but the tighter the better regarding security...

If you can easily remove the Diagnostic/development code, I'd recommend doing so, then testing again before deploying to production.


Need Your Help

MVC noob - changing part of URL in a link

asp.net-mvc asp.net-mvc-2

I have a site that supports localization. I would like to be able to switch between english and french.

Tensor Flow shuffle_batch() blocks at end of epoch

python tensorflow

I'm using tf.train.shuffle_batch() to create batches of input images. It includes a min_after_dequeue parameter that makes sure there's a specified number of elements inside the internal queue, and