PeopleSoft <LONGCHAR >and <VARCHAR> Data Upload

info_at_i-assure.com
Date: 10/07/03

  • Next message: GreyMagic Software: "RE: IE 6 XML Patch Bypass"
    Date: 7 Oct 2003 21:01:08 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Vendor: PeopleSoft
    Solution ID: 200749181
    Product: People Tools
    Version: 8.42, Others?
    Platform: Solaris 8, BEA WebLogic, Others?
    Remote/Local: Remote, Authenticated
    Title: Character Field Length
    Impact: Possible denial of service.

    Description:
    LONGCHAR and VARCHAR fields allow potentially large amounts of data to be uploaded. These fields default to the maximum allowed size for their data type established on the database.

    Vendor Solution:
    The database can be configured to limit the size of these data types, however, this should be tested to assess the impact to the application. Consider also looking at modifying the field definitions within the Application. Restricting size with the field definition would prevent using these LONG fields to upload large amounts of data. Note that making any changes to the delivered application is considered to be a customization beyond the scope of the Global Support Center. Make sure and take a backup of the data before making such changes.

    Vendor Trail:
    3 June 03 PeopleSoft contacted
    3 June 03 PeopleSoft confirms
    24 June 03 PeopleSoft teleconference
    19 July 03 PeopleSoft posts to Customer Connection
                            

    Contributers:

    Barrett McGuire
    Larry Wargo
    Matt Fotter


  • Next message: GreyMagic Software: "RE: IE 6 XML Patch Bypass"