Please advise on security

Steven Tierney steven_tierney at yahoo.co.uk
Tue Jun 5 15:57:06 UTC 2012


Hi,

I have developed a new extension for Bugzilla.  It uses the web service 
to access previously entered bug information in order to suggest 
autocomplete data for custom fields.  Using jQuery, it's fully 
configurable through Bugzilla web pages accessible from within the 
Administration area.

There are security implications here because it will potentially expose 
bug data which might otherwise be secure.  For that reason I need advice 
on how to verify in the web service that
1. a user is logged in and,
2. is cleared to access bug data.

I did check the Bugzilla source files but, not being very used to coding 
in Perl and not knowing how security 'works' in Bugzilla, I don't know 
where to start!

I wonder if anyone can point me towards some documentation or give 
advice / code snippets that may help.

The validation has to happen in the Webservice.pm file of the extension.


Thanks in advance!
---
Steven




More information about the developers mailing list