Please advise on security
Marc Schumann
wurblzap at gmail.com
Wed Jun 6 10:59:07 UTC 2012

Steven,

unless you use ENV authentication (which you probably don't), Bugzilla uses
cookies to identify the logged-in user. I believe JavaScript sends these
unless you did something so that it doesn't, so you should be fine...

Maybe you can take a look at what YAHOO.bugzilla.userAutocomplete does (in
js/field.js), calling User.get (in Bugzilla/WebService/User.pm). User.get
calls can_see_user, referencing the logged-in user, and it works. Maybe you
can use this as a template for your web service call.

Best
Marc