Forum OpenACS Q&A: Re: Security: cgi-bin/cachemgr.cgi A*4096 attack?

Collapse
2: Re: Security: cgi-bin/cachemgr.cgi A*4096 attack? (response to 1)
Posted by Don Baccus on 10/27/04 12:58 AM
Looks like Oracle varchars are limited to 4096 characters ... which we already know, right?

It's converting the bindvar to a varchar in order to do the comparison.

I'd say that it's probably not worth bothering to change the code to return a more immediately comprehensible error message.