Roundtripping DataContracts andDenial Of Service attacks

StackOverflow https://stackoverflow.com/questions/8881608

Вопрос

I am working on a datacontract as follows that uses IExtensiblesDataObject to make it forward compatible with version 02 of this contract, but am worried about possible 'accidental' denial of service via clients passing excessive quantities of data over the wire that needs to be de-serialised, re-serialised and sent back.

Without turning the support off via the ignoreExtensionDataObject in the config file, is there a way of protecting against such an eventuality, i.e. can you cap the quantity somehow ?

[DataContract(Namespace="http://schemas.myComany.com/sample/01")]
public class Sample : IExtensibleDataObject
{
    [DataMember]
    public int32 sample_ID;

    private ExtensionDataObject _data;
    public virtual ExtensionDataObject ExtensionData
    {
        get { return _data; }
        set { _data = value; }
    }

    ....
}

Thanks in advance

Это было полезно?

Решение

The way to protect your service is limiting MaxReceivedMessageSize (by default it is 65KB) and reader quotas in your binding.

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top