About Bugzilla 3.2.2 process_bug.cgi
Question Bugzilla
bugzillaquestion at yahoo.com
Wed Apr 22 23:14:15 UTC 2009
Hi,
Thanks for info. We actually already tried getting the token and passing it to the update and it worked, but we are curious about whether this can be bypassed at all since we do the update through a script. Anyway, if this is not configurable at all, I guess we will just do what is needed.
Thanks again for your help in such a timely manner.
________________________________
From: Frédéric Buclin <lpsolit at gmail.com>
To: developers at bugzilla.org
Sent: Wednesday, April 22, 2009 4:04:13 PM
Subject: Re: About Bugzilla 3.2.2 process_bug.cgi
Le 23. 04. 09 01:02, Question Bugzilla a écrit :
> Thank you very much for the quick response. So under no condition, there is a way to bypass the check even though we are accessing it behind our own firewall internally.
It's very easy to get a valid token. Just look at the XML version of the bug, and extract the token which is there. Note that you need a new token every time the bug changes.
LpSolit
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=bugzillaquestion@yahoo.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bugzilla.org/pipermail/developers/attachments/20090422/cebb5512/attachment.html>
More information about the developers
mailing list