Skip to main content

Posts

Showing posts from April, 2011

Security concerns with serialization

Serialization can allow other code to see or modify object instance data that would otherwise be inaccessible. Therefore, code performing serialization requires the SecurityPermission attribute from System.Security.Permissions namespace with the SerializationFormatter flag specified. The GetDataObject method should be explicitly protected to help protect your data.

Inner workings of Deserialization

Within the runtime, deserialization can be a complex process. The runtime proceeds through the deserialization process sequentially, starting at the beginning and working its wasy through to the end. The process gets complicated if an object in the serialized stream refers to another object. If an object references another object, the Formatter queries the ObjectManager to determine whether the referenced object has already been deserialized (a backward reference), or whether it has not yet been deserialized ( a forward reference). If it is a forward reference, the Formatter registers a fixup with the ObjectManager . A fixup  is the process of finalizing an object reference after the referenced object has been deserialized. Once the referenced object is deserialized, ObjectManager completes the reference. 

Limiting Threads in a ThreadPool

The ThreadPool class supports methods for setting the number of minimum and maximum thread in the thread pool. In most circumstances, yhe number of threads is the pool is set at optimum numbers. If you find that your application is being constrained by the threads in th thread pool, you can set the limits yourself. There are two types of situations where you will want to change the thread pool thread limits: thread starvation and startup thread speed. In thread-starvation scenario, your application is using the thread pool but is being hampared because you have two many work items and you are reaching the maximum number of threads in the pool. To set the high watermark of threads for your application, you can simply use ThreadPool.SetMaxThreads. In cases where the startup costs of using the thread pool are expensive, increasing the minimum number of threads can improve performance. The minimum number of threads dictates how many threads are created immediately and set to wait for

Deploying COM-Enabled Assemblies

Although an assembly can be created visible to COM, one should follow below guidelines to ensure that things work as planned: All classes must use a default constructor with no parameters. Any type that is to be exposed must be public. Any member that is to be exposed should be public. Abstract classes will not be able to be consumed. After these criteria are met, the assembly is essentially ready to be exported. There are two mechnisms to do so. One can use VS or a command line utility(TlbExp.exe). First you need to compile the type through Visual Studio's build mechanism or through command line compiler as               csc /t:library ComVisiblePerson.cs Next you need to use Type Library Exporter Utility. This should be done from VS command prompt:               tlbexp ComVisiblePerson.dll /out:ComVisiblePersonlib.tlb Next oyu need to create  resource script (ComVisiblePerson.res) with the following Interface Definition Language (IDL) definition:               IDR_TYPE