I actually don't remember emailing you! Guess I did! Do both. And anything else you think of Wrapping everything in a try catch would be good to check the length is correct and that you don't try and read too much (that would throw an exception so could be used maliciously) I would ReadInt and then validate the int, if it's the wrong type then hopefully are it will fail validation after the read. Malicious users wouldn't get very much from changing the data type, they'll be more interested in the value, so this is really just to stop against bugs in the code.