RE: Need for programmatic config:timeToleranceInSeconds, MaxReques

From: drkraus (drkraus_at_nospam.nospam)
Date: 12/08/04 

Date: Wed, 8 Dec 2004 09:23:03 -0800

Hi Dan,

Well, it did bother me a bit that I could override a read-only property
using reflection, but only in principle.

A little more background:
In reality, I would have been satisfied if I could have created an
application config file for our client DLL, that is invoked as an add-in to
Excel. Our client group attempted this without success. They ended up
creating a config file (ie. appname.dll.config) that they specifically query
to pick up their application settings. Any non-application settings that are
present are ignored at DLL load time, and would have to be programmtically
set as I have described. The next alternative was to create an
Excel.exe.config file, which is unacceptable.

I have been assuming that when a setting like timeToleranceInSeconds is
configured in a app.config file, that this setting is specific to that
application only. The same goes for any programmatic setting of the same
property by a client. If this is true, I am not sure where the concern lies.
We are just talking about how the property is set. Now, if it is easier to
compromise/spoof an application program, than it is to compromise/spoof a
config file, then I might see a problem. This would then lead me to believe
that I may have indeed "hacked into" the MaxRequestLengthInBytes property
using reflection.

Finally, even though there is only one of our clients per box, a per-site
config setting would not allow other non-related applications to use other
values.

thanks, Dave

"Dan Rogers" wrote:

> Hi Dave,
>
> Interesting requirements. Would a per-site/config value for these make
> sense? I think the thinking right now is that these are administrator
> and/or business policy type settings that you may not want a programmer or
> application to be able to override.
>
> Thoughts?
>
> Dan Rogers
> Microsoft Corporation
> --------------------
> Thread-Topic: Need for programmatic config:timeToleranceInSeconds,
> MaxRequestLen
> thread-index: AcTcu4f8VZA0MUw9QCyRyEgzmboVQA==
> X-WBNR-Posting-Host: 4.43.44.35
> From: "=?Utf-8?B?ZHJrcmF1cw==?=" <drkraus@nospam.nospam>
> Subject: Need for programmatic config:timeToleranceInSeconds, MaxRequestLen
> Date: Tue, 7 Dec 2004 16:19:07 -0800
> Lines: 30
> Message-ID: <30AB465D-A703-4943-B259-C588C7CAE6BC@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
> Xref: cpmsftngxa10.phx.gbl
> microsoft.public.dotnet.framework.webservices.enhancements:5076
> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
>
> In another thread I have documented my struggle and success at finding a
> way
> to programmatically alter the read only property MaxRequestLengthInBytes
> (Microsoft.Web.Services2.Configuration.WebServicesConfiguration.MessagingCon
> figuration.MaxRequestLengthInBytes)
> using reflection to access a private data member, in order to allow larger
> size DIME attachements.
>
> Now I am trying to figure out how to set timeToleranceInSeconds. It seems
> that setting wsproxy.RequestSoapContext.Security.Timestamp.TtlInSeconds
> sets
> the defaultTtlInSeconds config parm, but that there isn't a way, that I
> have
> found to do the same for timeToleranceInSeconds. Clock drift of more than 5
> minutes isn't too uncommon, so I was thinking of uping the value to avoid
> message expiration problems.
>
> Anyway, the common thread here is that, yes, this can be done in the
> web.config and the app.config files to solve these problems, but in my
> case,
> when the client is an Excel add-in, creating an excel.exe.config file, or
> altering machine.config isn't kosher since other add-ins or client users
> may
> want different settings.
>
> So I have a specific questions and a general one for any Microsoft guru's
> out there.
> 1. Specific: Is there a way to set timeToleranceInSeconds programmatically?
> If not directly, then via reflection (the class location of the property
> would help me).
>
> 2. Does it make sense to request a change from Microsoft to enable better
> programmatic manipulation of these kinds of config parameters?
>
> thanks, Dave
>
>

Relevant Pages

  • RE: Need for programmatic config:timeToleranceInSeconds, MaxReques
    ... un-conventional - after such point when Excel has been redone in managed ... MaxReques ... application config file for our client DLL, that is invoked as an add-in to ... Our client group attempted this without success. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: SV: [SLE] Citrix client on SuSE 9.0
    ... This looks more like a browser config issue ... Basically conqueror doesn't know to use the ica client for all ... Subject: SV: Citrix client on SuSE 9.0 ...
    (SuSE)
  • Re: Slow opening of files
    ... will post the IP config tomorrow when I can access a workstation, ... if they open the file via the Office App itself the file opens ... The client has a member server and the same ...
    (microsoft.public.windows.server.sbs)
  • Re: what to do with local and remote users for a SBS Network?
    ... I have a client with nearly the same configuration you describe: ... * The laptop user also has one of the desktops, ... Outlook on desktops ... Here is the current config: ...
    (microsoft.public.windows.server.sbs)
  • RE: Need for programmatic config:timeToleranceInSeconds, MaxReques
    ... I used reflection to set the MaxRequestBytesInLength read only ... > application config file for our client DLL, that is invoked as an add-in to ... >> Now I am trying to figure out how to set timeToleranceInSeconds. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)