Currently, IDLs created after IS services that interchange arrays do not have the capability of limiting the number of occurrences of these arrays, but they always use variable size arrays. This can pose a security risk, making it easy for attackers to send a very large number of occurrences through EntireX and overflowing the server resources.
This could be avoided if EntireX IDLs and/or IS doctypes (see also https://webmethods.ideas.aha.io/ideas/IS-I-44 ) would have the ability to both declare at design time, and enforce at runtime, arrays of a limited size.
Moreover, this enforcement of the limit should be implemented in a safe way, so that the check is made before all the occurrences reach the server, in order to prevent that overflowing .
More details in incident SI-485341 .
|Use Case||webMethods Adapter for EntireX|