Faculty SS 8.7.1 Release Guide

Banner Faculty and AdvisorSelf-ServiceRelease GuideRelease 8.7.1February 2015/nWithout limitation: Ellucian®, Banner®, Coll eague®, and Luminis® are trademarks of the Ellucian group of companies that are reg istered in the U.S. and certain other countries; and Ellucian AdvanceŽ, Ellucian Course SignalsŽ, Ellucian Degree WorksŽ, Ellucian PowerCampus Ž, Ellucian RecruiterŽ, Ellucian SmartCallŽ, are also trademarks of the Ellucian group of companies. Other names may be trademarks of their respective owners. © 2015 Ellucian. Contains confidential and proprietary information of Ellucian and its subsidiaries. Use of these materials is limited to Elluci an licensees, and is subject to the terms and conditions of one or more written li cense agreements between Ellucian and the licensee in question. In preparing and providing this publicati on, Ellucian is not rendering legal, accounti ng, or other similar professional service s. Ellucian makes no claims that an institution's use of this publication or the soft ware for which it is provided will guarantee compliance with ap plicable federal or state laws, rules, or regulations. Each organiza tion should seek legal, accounting, and other similar professional services from comp etent providers of the organization's own choosing. Prepared by: Ellucian 4375 Fair Lakes Court Fairfax, Virginia 22033 United States of America Revision History Publication DateSummary February 2015 New version that supports Banner Fa culty and Advisor Self-Service 8.7.1 software. /n 3Banner Faculty and Advisor Self-Service Release Guide |Contents Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Updated Security Scan Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . .5 Self-Service Data Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 /n 4Banner Faculty and Advisor Self-Service Release Guide |Introduction IntroductionThe Banner® Faculty and Advisor Self-Service 8.7.1 release contai ns updates to self- service pages for the following enhancements. ŁSecurity Scan Error Handling ŁSelf-Service Data Validation /n 5Banner Faculty and Advisor Self-Service Release Guide |Updated Security Scan Error Handling Updated Security Scan Error HandlingThe security scan report lists several types of errors. One type applies to Self-Service pages where exception handling is not present or is not performed properly. The following Oracle errors are in this category. ŁORA-01403 - No data found. ŁORA-I06502 - PL/SQL: Numeric or value error: character string buffer too small. ŁORA-06502 - PL/SQL: Numeric or value error: character to number conversion error. ŁORA-01858 - A non-numeric character was found where a numeric was expected. Code for exception handling has been added to Self-Service pages as appropriate. Updated error messages display the page title and the error text and are more informational for the user. The Oracle erro r number is not displayed. For example, Error occurred while processing final grad e changes. ERROR: No data found .Numerous BWLKXXXX packages and the associ ated procedures have been updated for these changes. /n 6Banner Faculty and Advisor Self-Service Release Guide |Self-Service Data Validation Self-Service Data Validation The possibility existed for inappr opriate information to be displa yed in Banner Self-Service pages. Banner Web Tailor has added validation checks to prevent unsanitized HTML from being executed or injected into the pages. Data from HTP calls is now validated before being sent to the Self-Service pages and displayed to the user. The exception to the validation checking is data that is user- defined, such as Information Text (HTML). See the Banner Web Tailor 8.6.1.1 patch documentation for more information. There are three main types of Self-Service data entry that are validated: ŁWhen invalid characters are entered directly into a Self-Service page, an error message is displayed to the user to re-enter the data or contact an administrator. ŁWhen field values are included in a URL, the system displays an access error message or a cross site scripting error. ŁWhen a modified HTML file is used to load invalid data, the system displays an error and code information for the failed execution. Numerous BWLKXXXX and BWCKXXXX packages and the associated procedures have been modified to use the new validation checks. /n

Banner_Faculty_and_Advisor_Self-Service_Release_Guide_8.7.1.pdf (75.9 KB)
Helpful?

Related Articles: