Roundtripping DataContracts andDenial Of Service attacks

StackOverflow https://stackoverflow.com/questions/8881608

I am working on a datacontract as follows that uses IExtensiblesDataObject to make it forward compatible with version 02 of this contract, but am worried about possible 'accidental' denial of service via clients passing excessive quantities of data over the wire that needs to be de-serialised, re-serialised and sent back.

Without turning the support off via the ignoreExtensionDataObject in the config file, is there a way of protecting against such an eventuality, i.e. can you cap the quantity somehow ?

[DataContract(Namespace="http://schemas.myComany.com/sample/01")]
public class Sample : IExtensibleDataObject
{
    [DataMember]
    public int32 sample_ID;

    private ExtensionDataObject _data;
    public virtual ExtensionDataObject ExtensionData
    {
        get { return _data; }
        set { _data = value; }
    }

    ....
}

Thanks in advance

有帮助吗?

解决方案

The way to protect your service is limiting MaxReceivedMessageSize (by default it is 65KB) and reader quotas in your binding.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top