>I discovered that, if you create a com object for use in conjunction with FOXISAPI, the existing object is released everytime it is requested to activate a non-existing method.
>
>If you do the same under vfp .. you just get a controllable exception. The object is not destroyed.
>
>Curious and annoying as it possibly means that you can hammer out a FOXISAPI-based site by repeating calling such a non existing object...
>
>The server com objects just die repeatingly on each call and have to be resinstantiated regularly! In view of the size of vfp objects (blurbs) such an attack would be very cpu-intensive.
>
>Is it a bug? does it also affect west-wind connection? is it "per MS design"? or am i missing something?

It doesn't affect West Wind Web Connection, because servers are not instantiated by URL, but always enter on a fixed method call.

I'm not sure why you're actually seeing that. Basically FoxISAPI does an IDispatch::Invoke() on a server with the method call. If the method does not exist the call to GetIDFromNames will fail and it should capture that error and not release the object. OTOH, I haven't looked at that code in ages so I guess I don't know if that's changed.

FWIW, you can hammer a FoxISAPI that way even without crashing it. THis is because the Reset links are openly accessible. You can just call Reset repeatedly to kill the servers. I've never liked the way FOxISAPI handles the Querystring parameters - it's dangerous in more ways than one. It's easy enough to invoke Word this way and hang it <s>... unless you careful and disable all DCOM access for Web clients except those servers you choose to let through. Most people running FI don't...

+++ Rick ---