tags:

views:

2661

answers:

1
+1  Q: 

WCF readerQuotas settings - drawbacks?

If a WCF service returns a byte array in its response message, there's a chance the data will exceed the default length of 16384 bytes. When this happens, the exception will be something like

The maximum array length quota (16384) has been exceeded while reading XML data. This quota may be increased by changing the MaxArrayLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader.

All the advice I've seen on the web is just to increase the settings in the <readerQuotas> element to their maximum, so something like

<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
              maxArrayLength="2147483647" maxBytesPerRead="2147483647"
              maxNameTableCharCount="2147483647" />

on the server, and similar on the client.

I would like to know of any drawbacks with this approach, particularly if the size of the byte array may only occassionally get very large. Do the settings above just make WCF declare a huge array for each request? Do you have to limit the maximum size of the data returned, or can you just specify a reasonably-sized buffer and get WCF to keep going until all the data is read?

Thanks!

+5  A: 

The main drawback is a potential vulnerability to attacks - e.g. a malicious source can now flood your webserver with message up to 2 GB in size and potentially bring it down.

Of course, allowing 2 GB messages also puts some strain on your server in terms of memory consumption, since those messages need to be assembled in memory, in full (unless you use streaming protocols in WCF). If you have 10 clients sending you 2 GB messages, you'll need plenty of RAM on your server! :-)

Other than that, I don't see any real issues.

Marc

marc_s  2009-05-07 15:22:32
Ok, so do the settings in the server config just affect the request messages, and the settings in the client config affect the response messages? If I have a service which takes a small request message but could return a large response, do I have to make any changes to the server config, or leave it to the clients? Is there a way of changing the server config so that when a client creates a service reference it will automatically be set up for large responses? Thanks!
Graham Clark  2009-05-14 09:56:11
How is that "large response" structured? Is it basically a file you're returning? If so, I'd check out streaming for a stream-based response. As far as I understand it, the server setting will affect both the incoming requests, as well as the outgoing responses, so if you set the message size too small, a large response won't be possible (you're basically sizing a buffer on the server used for requests and responses).
marc_s  2009-05-14 10:53:09

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability