PeopleSoft <LONGCHAR >and <VARCHAR> Data Upload

2003-10-08T00:00:00
ID SECURITYVULNS:DOC:5227
Type securityvulns
Reporter Securityvulns
Modified 2003-10-08T00:00:00

Description

Vendor: PeopleSoft Solution ID: 200749181 Product: People Tools Version: 8.42, Others? Platform: Solaris 8, BEA WebLogic, Others? Remote/Local: Remote, Authenticated Title: Character Field Length Impact: Possible denial of service.

Description:
LONGCHAR and VARCHAR fields allow potentially large amounts of data to be uploaded. These fields default to the maximum allowed size for their data type established on the database.

Vendor Solution:
The database can be configured to limit the size of these data types, however, this should be tested to assess the impact to the application. Consider also looking at modifying the field definitions within the Application. Restricting size with the field definition would prevent using these LONG fields to upload large amounts of data. Note that making any changes to the delivered application is considered to be a customization beyond the scope of the Global Support Center. Make sure and take a backup of the data before making such changes.

Vendor Trail:
3 June 03 PeopleSoft contacted 3 June 03 PeopleSoft confirms 24 June 03 PeopleSoft teleconference 19 July 03 PeopleSoft posts to Customer Connection

Contributers:

Barrett McGuire Larry Wargo Matt Fotter