API to change milestones

Tosh, Michael J michael.j.tosh at lmco.com
Thu Jul 17 16:22:22 UTC 2008


Quoting Craig:
> One small issue concerns the login. This is a script that will be run
> from another script and the entire thing is probably going to be
> automated. So, requiring a login/pw is a problem. I was thinking that
> the Perl script could look for env var with the desired login to use.
> (Basic idea is to create a generic account for all "automated
> processes.") 

I'd suggest using ~/.netrc.

machine <name or url>
login <email or userid>
password <password>

You could even authenticate against the extern_id in the profiles table
as another option.
 
> As far as security, I figured that if someone has access to the
> scripts, then they probably have access to "localconfig", which means
> they can 
> cause a lot more damage. Is this a reasonable assumption? (I realize
> that the permissions CAN be different, but I don't know how common
> that is.) 

You may want to write a very simple c/c++ program that calls your
script.  That c program could have a sticky bit set so that it can be
run as another user under the owner's permissions.  Then the user won't
have read access to localconfig, but the script could.



More information about the developers mailing list