Protect Your Service/Stay Popular with Your Network Admin

Blog Post created by smohr on Jan 4, 2011

Back at the dawn of relational databases for PCs, I managed to issue a query that constituted a Cartesian join.  If you're unfamiliar with the term, I'll wait while you ask a DBA.


Yes, it was that bad.  Fortunately, it was a training class and the server came back after a few minutes.  The point is, I was an unpopular fellow for a while.


I mention that because there are a couple of ways for good people to attract unwelcome attention from their network administrators.  One way is to open your web service to a denial of service attack (intentional or otherwise) in which a client requests ten thousand tags, each with a different PIArchiveManner.  It makes the XML deserializer unhappy.  It makes PI Web Services unresponsive.  If WCF and the web service process it, it makes your networking people very unhappy when that big, big hunk of data goes sliding back through the network.  If you didn't mean to attack the network (like asking for *-4D, * when you meant *-4H on a busy tag), it will also make your client app slow and stupid.


Fortunately, WCF can help.  The various bindings support an attribute called maxReceivedMessageSize.  This is the maximum size, in bytes, of a message that the binding will let through.  A WCF client can use this to guard against a service overloading it, and you can use this in the web.config for PI Web Services to protect the service from a rogue client request. WCF will catch a message that exceeds the given value and not even try to process it.