Please advise on security
Steven Tierney
steven_tierney at yahoo.co.uk
Wed Jun 6 19:08:15 UTC 2012
Sounds like that's where I need to look then. It's an obvious place to look but sometimes one stares at a problem for so long that the obvious goes unnoticed!
Thanks again,
---
Steven
________________________________
From: Marc Schumann <wurblzap at gmail.com>
To: Steven Tierney <steven_tierney at yahoo.co.uk>
Cc: "developers at bugzilla.org" <developers at bugzilla.org>
Sent: Wednesday, 6 June 2012, 11:59
Subject: Re: Please advise on security
Steven,
unless you use ENV authentication (which you probably don't), Bugzilla uses cookies to identify the logged-in user. I believe JavaScript sends these unless you did something so that it doesn't, so you should be fine...
Maybe you can take a look at what YAHOO.bugzilla.userAutocomplete does (in js/field.js), calling User.get (in Bugzilla/WebService/User.pm). User.get calls can_see_user, referencing the logged-in user, and it works. Maybe you can use this as a template for your web service call.
Best
Marc