<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV>Hi,</DIV>
<DIV>Thanks for info. We actually already tried getting the token and passing it to the update and it worked, but we are curious about whether this can be bypassed at all since we do the update through a script. Anyway, if this is not configurable at all, I guess we will just do what is needed. </DIV>
<DIV> </DIV>
<DIV>Thanks again for your help in such a timely manner.</DIV>
<DIV> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR>
<DIV style="FONT-SIZE: 13px; FONT-FAMILY: arial, helvetica, sans-serif"><FONT face=Tahoma size=2>
<HR SIZE=1>
<B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Frédéric Buclin <lpsolit@gmail.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> developers@bugzilla.org<BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Wednesday, April 22, 2009 4:04:13 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: About Bugzilla 3.2.2 process_bug.cgi<BR></FONT><BR>Le 23.. 04. 09 01:02, Question Bugzilla a écrit :<BR>> Thank you very much for the quick response. So under no condition, there is a way to bypass the check even though we are accessing it behind our own firewall internally.<BR><BR>It's very easy to get a valid token. Just look at the XML version of the bug, and extract the token which is there. Note that you need a new token every time the bug changes.<BR><BR>LpSolit<BR>-<BR>To view or change your list settings, click here:<BR><http://bugzilla.org/cgi-bin/mj_wwwusr?user=bugzillaquestion@yahoo.com><BR></DIV></DIV></div><br>
</body></html>