Allow IDLs created after IS services to use limited size arrays instead of only variable-size arrays

Currently, IDLs created after IS services that interchange arrays do not have the capability of limiting the number of occurrences of these arrays, but they always use variable size arrays. This can pose a security risk, making it easy for attackers to send a very large number of occurrences through EntireX and overflowing the server resources.

This could be avoided if EntireX IDLs and/or IS doctypes (see also https://webmethods.ideas.aha.io/ideas/IS-I-44 ) would have the ability to both declare at design time, and enforce at runtime, arrays of a limited size.

Moreover, this enforcement of the limit should be implemented in a safe way, so that the check is made before all the occurrences reach the server, in order to prevent that overflowing .

More details in incident SI-485341 .

Use Case

webMethods Adapter for EntireX

Post comment

The Adabas & Natural by Software AG Ideas Portal is hosted by Aha! Labs Inc.. Therefore, personally identifiable information are processed by Aha! Labs Inc., a company based in the United States of America. By using this Ideas Portal you agree to the Terms of Service of Aha! Labs Inc.. For further information about Aha’s handling of your personally identifiable information, please go to: https://www.aha.io/legal/security/gdpr.

Please enter your email address

RELATED IDEAS

Allow IDLs created after IS services to use limited size arrays instead of only variable-size arrays