Information
Developers often enable the debug mode during active ASP.NET development so that they do not have to continually clear their browsers cache every time they make a change to a resource handler. The problem would arise from this being left 'on' or set to 'true'. Compilation debug output is displayed to the end user, allowing malicious persons to obtain detailed information about applications.
This is a defense in depth recommendation due to the <deployment retail='true' /> in the machine.config configuration file overriding any debug settings. It is recommended that debugging still be turned off.
Setting <compilation debug> to false ensures that detailed error information does not inadvertently display during live application usage, mitigating the risk of application information leakage falling into unscrupulous hands.
NOTE: This section requires ASP.NET, but ASPNET and .Net Extensibility have not been found.