WCF readerQuotas settings - drawbacks?

Question

If a WCF service returns a byte array in its response message, there\'s a chance the data will exceed the default length of 16384 bytes. When this happens, the exception wil

Answer 1

The main drawback is a potential vulnerability to attacks - e.g. a malicious source can now flood your webserver with message up to 2 GB in size and potentially bring it down.

Of course, allowing 2 GB messages also puts some strain on your server in terms of memory consumption, since those messages need to be assembled in memory, in full (unless you use streaming protocols in WCF). If you have 10 clients sending you 2 GB messages, you'll need plenty of RAM on your server! :-)

Other than that, I don't see any real issues.

Marc

Answer 2

There is an article on MSDN which explains the various security considerations you need to think about when setting these values. Some denial-of-service attacks are those which eat up your memory and some of them (such as MaxDepth not being set properly) could cause fatal StackOverflowExceptions which could bring down your server in a single request.

http://msdn.microsoft.com/en-us/library/ms733135.aspx