Please advise on security
Steven Tierney
steven_tierney at yahoo.co.uk
Tue Jun 5 15:57:06 UTC 2012
Hi,
I have developed a new extension for Bugzilla. It uses the web service
to access previously entered bug information in order to suggest
autocomplete data for custom fields. Using jQuery, it's fully
configurable through Bugzilla web pages accessible from within the
Administration area.
There are security implications here because it will potentially expose
bug data which might otherwise be secure. For that reason I need advice
on how to verify in the web service that
1. a user is logged in and,
2. is cleared to access bug data.
I did check the Bugzilla source files but, not being very used to coding
in Perl and not knowing how security 'works' in Bugzilla, I don't know
where to start!
I wonder if anyone can point me towards some documentation or give
advice / code snippets that may help.
The validation has to happen in the Webservice.pm file of the extension.
Thanks in advance!
---
Steven
More information about the developers
mailing list