locked
Limiting Maximum POST size and number of entities RRS feed

  • Question

  • Hi,

    How can I limit the maximum amount of entities that can be inserted into the database /updated / deleted per request? Also, what about the maximum POST request size?

    I think I saw an example of how to do this in the svc.cs file in a demo solution, but I forgot where that was.

    Last but not least: Are there any other parameters I should set to make my data service a bit more robust / secure?
    Friday, July 9, 2010 5:20 PM

Answers

  • Hi,

    You can limit the number of modifications in your IUpdatable implementation.

    There are also bunch of security related settings on the DataServiceConfiguration class. http://msdn.microsoft.com/en-us/library/system.data.services.dataserviceconfiguration_members.aspx

    For example the MachBatchCount.

    As for the POST there's MaxObjectCountOnInsert.

    As for "securing", we usually strongly suggest turning on server driven paging in your sets. (SetEntitySetPageSize).

    You can limit sizes of single fields (like max size of a string) in your IUpdatable.

    Thanks,


    Vitek Karas [MSFT]
    Friday, July 9, 2010 5:40 PM
    Moderator

All replies

  • Hi,

    You can limit the number of modifications in your IUpdatable implementation.

    There are also bunch of security related settings on the DataServiceConfiguration class. http://msdn.microsoft.com/en-us/library/system.data.services.dataserviceconfiguration_members.aspx

    For example the MachBatchCount.

    As for the POST there's MaxObjectCountOnInsert.

    As for "securing", we usually strongly suggest turning on server driven paging in your sets. (SetEntitySetPageSize).

    You can limit sizes of single fields (like max size of a string) in your IUpdatable.

    Thanks,


    Vitek Karas [MSFT]
    Friday, July 9, 2010 5:40 PM
    Moderator
  • Thanks a lot!
    Saturday, July 10, 2010 7:25 AM