Please advise on security

Marc Schumann wurblzap at gmail.com
Tue Jun 5 16:15:42 UTC 2012


Steven,

Use Bugzilla->user to find out whether the user is logged in (see
http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla.html).
Check out http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/User.html,
too -- there are some can_see_* methods which may be of use to you.

Further reading is at http://www.bugzilla.org/docs/tip/en/html/api/.

   Good luck
      Marc

2012/6/5 Steven Tierney <steven_tierney at yahoo.co.uk>

> Hi,
>
> I have developed a new extension for Bugzilla.  It uses the web service to
> access previously entered bug information in order to suggest autocomplete
> data for custom fields.  Using jQuery, it's fully configurable through
> Bugzilla web pages accessible from within the Administration area.
>
> There are security implications here because it will potentially expose
> bug data which might otherwise be secure.  For that reason I need advice on
> how to verify in the web service that
> 1. a user is logged in and,
> 2. is cleared to access bug data.
>
> I did check the Bugzilla source files but, not being very used to coding
> in Perl and not knowing how security 'works' in Bugzilla, I don't know
> where to start!
>
> I wonder if anyone can point me towards some documentation or give advice
> / code snippets that may help.
>
> The validation has to happen in the Webservice.pm file of the extension.
>
>
> Thanks in advance!
>
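
The two checks asked about above (logged in, and cleared to see the bug data), sketched as an added example for an extension's WebService.pm; this is not code from the thread or from Bugzilla itself. The extension name `AutoComplete`, the method `suggest` and its `field`/`term` parameters are hypothetical, and the sketch assumes a Bugzilla 4.x installation where the custom field is a free-text field stored as a column of the `bugs` table.

```perl
package Bugzilla::Extension::AutoComplete::WebService;   # hypothetical name
use strict;
use warnings;
use base qw(Bugzilla::WebService);

use Bugzilla;
use Bugzilla::Constants;   # LOGIN_REQUIRED, FIELD_TYPE_FREETEXT
use Bugzilla::Field;

# Hypothetical method: AutoComplete.suggest({ field => 'cf_...', term => '...' })
sub suggest {
    my ($self, $params) = @_;

    # 1. Authentication: throws an error for callers who are not logged in,
    #    otherwise returns the same Bugzilla::User object as Bugzilla->user.
    my $user = Bugzilla->login(LOGIN_REQUIRED);

    # Resolve the field through Bugzilla's own field definitions so that the
    # column name used below never comes straight from the request.
    my $field = Bugzilla::Field->check({ name => $params->{field} });
    return { values => [] }
        unless $field->custom && $field->type == FIELD_TYPE_FREETEXT;

    my $col  = $field->name;
    my $rows = Bugzilla->dbh->selectall_arrayref(
        "SELECT bug_id, $col FROM bugs WHERE $col != ''");

    # 2. Authorization: keep only values that come from bugs this user is
    #    allowed to see (product groups, bug groups, cc/reporter rules).
    my %visible = map { $_ => 1 }
        @{ $user->visible_bugs([ map { $_->[0] } @$rows ]) };

    # Prefix match is done in Perl to keep the sketch database-neutral.
    my $term = lc(defined $params->{term} ? $params->{term} : '');
    my %seen;
    foreach my $row (@$rows) {
        my ($bug_id, $value) = @$row;
        next unless $visible{$bug_id};
        next unless index(lc $value, $term) == 0;
        $seen{$value} = 1;
    }
    return { values => [ sort keys %seen ] };
}

1;
```

For a single bug id, `$user->can_see_bug($bug_id)` is the one-at-a-time form of the same visibility check.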