Tuesday, April 19, 2011

Security concerns with serialization

Serialization can allow other code to see or modify object instance data that would otherwise be inaccessible. Therefore, code performing serialization requires the SecurityPermission attribute from the System.Security.Permissions namespace with the SerializationFormatter flag specified. The GetObjectData method should be explicitly protected to help protect your data.
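One way to protect GetObjectData as described above, shown as an added example rather than code from the original post. The Account type and its fields are hypothetical, and the sample assumes the .NET Framework, where code access security demands are enforced.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security.Permissions;

// Hypothetical type for illustration; targets the .NET Framework.
[Serializable]
public sealed class Account : ISerializable
{
    private readonly string owner;
    private readonly decimal balance;

    public Account(string owner, decimal balance)
    {
        if (balance < 0) throw new ArgumentOutOfRangeException("balance");
        this.owner = owner;
        this.balance = balance;
    }

    // Deserialization constructor: private so that only the formatter calls it.
    // It re-validates because the stream is untrusted input.
    private Account(SerializationInfo info, StreamingContext context)
    {
        owner = info.GetString("owner");
        balance = info.GetDecimal("balance");
        if (balance < 0) throw new SerializationException("Invalid balance in stream.");
    }

    // Every caller on the stack must hold the SerializationFormatter permission
    // before the private fields are written to the stream.
    [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
    public void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        if (info == null) throw new ArgumentNullException("info");
        info.AddValue("owner", owner);
        info.AddValue("balance", balance);
    }

    public static void Main()
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, new Account("alice", 42.50m)); // constructed sample data
            stream.Position = 0;
            var copy = (Account)formatter.Deserialize(stream);
            Console.WriteLine("{0}: {1}", copy.owner, copy.balance);
        }
    }
}
```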

Sunday, April 17, 2011

Inner workings of Deserialization

Within the runtime, deserialization can be a complex process. The runtime proceeds through the deserialization process sequentially, starting at the beginning and working its way through to the end. The process gets complicated if an object in the serialized stream refers to another object.

If an object references another object, the Formatter queries the ObjectManager to determine whether the referenced object has already been deserialized (a backward reference) or has not yet been deserialized (a forward reference). If it is a forward reference, the Formatter registers a fixup with the ObjectManager. A fixup is the process of finalizing an object reference after the referenced object has been deserialized. Once the referenced object is deserialized, the ObjectManager completes the reference.

Limiting Threads in a ThreadPool

The ThreadPool class supports methods for setting the minimum and maximum number of threads in the thread pool. In most circumstances, the number of threads in the pool is set at optimum numbers. If you find that your application is being constrained by the threads in the thread pool, you can set the limits yourself.
There are two types of situations where you will want to change the thread pool thread limits: thread starvation and startup thread speed.

In a thread-starvation scenario, your application is using the thread pool but is being hampered because you have too many work items and you are reaching the maximum number of threads in the pool. To set the high watermark of threads for your application, you can simply use ThreadPool.SetMaxThreads.

In cases where the startup costs of using the thread pool are expensive, increasing the minimum number of threads can improve performance. The minimum number of threads dictates how many threads are created immediately and set to wait for new work to do. Typically, the ThreadPool limits the number of new threads to be created during the running of a process to two per second. If your application needs more threads created faster, you can increase this size. Setting the minimum number of threads can be done by using ThreadPool.SetMinThreads.

Deploying COM-Enabled Assemblies

Although an assembly can be created visible to COM, you should follow the guidelines below to ensure that things work as planned:
  • All classes must use a default constructor with no parameters.
  • Any type that is to be exposed must be public.
  • Any member that is to be exposed should be public.
  • Abstract classes cannot be consumed.
After these criteria are met, the assembly is essentially ready to be exported. There are two mechanisms to do so: you can use Visual Studio or a command-line utility (TlbExp.exe). First, compile the type through Visual Studio's build mechanism or through the command-line compiler:
              csc /t:library ComVisiblePerson.cs
Next, use the Type Library Exporter utility. This should be done from the Visual Studio command prompt:
              tlbexp ComVisiblePerson.dll /out:ComVisiblePersonlib.tlb
Next, create a resource script (ComVisiblePerson.res) with the following Interface Definition Language (IDL) definition:
              IDR_TYPELIB1 typelib "ComVisiblePersonlib.tlb"
Then recompile the application with the new resource file added:
              csc /t:library ComVisiblePerson.cs /win32res:ComVisiblePerson.res