Skip to Main Content
Status Under Review
Workspace EntireX
Created by Javier Camara
Created on Nov 8, 2022

Allow IDLs created after IS services to use limited size arrays instead of only variable-size arrays

Currently, IDLs created after IS services that interchange arrays do not have the capability of limiting the number of occurrences of these arrays, but they always use variable size arrays. This can pose a security risk, making it easy for attackers to send a very large number of occurrences through EntireX and overflowing the server resources.

This could be avoided if EntireX IDLs and/or IS doctypes (see also ) would have the ability to both declare at design time, and enforce at runtime, arrays of a limited size.

Moreover, this enforcement of the limit should be implemented in a safe way, so that the check is made before all the occurrences reach the server, in order to prevent that overflowing .

More details in incident SI-485341 .

Use Case webMethods Adapter for EntireX