Multiple people have extended the field beyond 255 chars, but I
wouldn't recommend doing that.  Remedy seems to use character arrays
with C functions like strcpy, strcat, etc.  It would be better if they
used calls like strncpy, strncat, and the like, but it's an old code
base.  The header files define the assignee group at 255 characters,
and I can only assume that the structs used to store information on
the server side use these defines for character buffers, but if these
calls are used to write to a buffer, you get into buffer overflow
problems which can lead to one or more problems:
- corrupted memory (random server crashes and other unexpected behavior)
- potential for buffer overflow exploits (execution of arbitrary shell
code on the server); may have to pull out a noop slide and see if I
can write to an executable region of memory on various platforms.

Axton Grams

On 7/3/07, Mike Balogh <[EMAIL PROTECTED]> wrote:

Hi all -

I'm currently implementing a system on ARS 7.01 (SQL 2005 backend) which
calls for the security of row-level access to records on certain forms.
Some records may need to be accessed by quite a few groups or users, which
is becoming a problem due to the length limit of 255 characters on field
112, Assignee Group.

I've done some initial testing with Assignee Group expanded to 512
characters and it seems to work fine.  However, I'm hesitant to say that it
will work perfectly without asking around first due to the multiple places
within Remedy documentation that it states the field length limit of 255.

Has anyone tried expanding this field beyond 255?  If so, how big did you
go?  And did you experience security or other issues?

Thanks in advance,
~Mike

---
Michael J Balogh
Wingspan Systems Inc.
[EMAIL PROTECTED]
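
The overflow concern raised in the reply at the top of this thread, shown as an added C example that is not part of either post and is not Remedy's code. `ASSIGNEE_GROUP_MAX`, `struct entry_record` and the function names are hypothetical stand-ins for the header define and server-side struct the reply speculates about; the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define ASSIGNEE_GROUP_MAX 255   /* assumed stand-in for the header's 255 limit */

struct entry_record {            /* hypothetical server-side record */
    char assignee_group[ASSIGNEE_GROUP_MAX + 1];
};

/* Bounded setter: returns 0 on success, -1 if the value does not fit.
 * It rejects instead of truncating, because a silently shortened group
 * list would change which groups can see the row. */
int set_assignee_group(struct entry_record *rec, const char *value)
{
    size_t len = strlen(value);
    if (len > ASSIGNEE_GROUP_MAX)
        return -1;               /* too long: record left untouched */
    memcpy(rec->assignee_group, value, len + 1);   /* includes the NUL */
    return 0;
}

/* strncpy() on its own prevents the overflow but writes no terminator
 * when the source fills the buffer. Returns 1 if the copy ended up
 * NUL-terminated, 0 if a later strlen()/strcat() would run off the end. */
int strncpy_terminates(const char *value)
{
    char buf[ASSIGNEE_GROUP_MAX + 1];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, value, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Constructed input: n filler characters standing in for a group list. */
void make_value(char *out, size_t n)
{
    memset(out, '1', n);
    out[n] = '\0';
}

int main(void)
{
    struct entry_record rec = { "" };
    char v[513];
    make_value(v, 255);
    printf("255 chars accepted: %d\n", set_assignee_group(&rec, v) == 0);
    make_value(v, 512);          /* the expanded field length from the question */
    printf("512 chars rejected: %d\n", set_assignee_group(&rec, v) == -1);
    printf("strncpy terminated at 512: %d\n", strncpy_terminates(v));
    return 0;
}
```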
