Security needs improvement (REMOTE_HOST doesn't cut it)

VERIFIED DUPLICATE of bug 20122

Status

()

Bugzilla
Bugzilla-General
P3
normal
VERIFIED DUPLICATE of bug 20122
19 years ago
5 years ago

People

(Reporter: Terry Weissman, Assigned: justdave)

Tracking

Details

(Reporter)

Description

19 years ago
part of bugzilla's security is dependent on the REMOTE_HOST environment
variable, but it seems that apache doesn't always set that.  Need to find
the right thing to use.
(Reporter)

Comment 1

19 years ago
Reassigning to dmose@mozilla.org, who now has front-line responsibility for
all Bonsai and Bugzilla bugs.
(Reporter)

Comment 2

19 years ago
Reassigning back to me.  That stuff about me no longer being the front-line
person responsible for Bugzilla and Bonsai turned out to be short-lived.
Please pardon our confusion, and I'm very sorry about the spam.
Terry, when you find a better way of doing security please tell me about it,
because REMOTE_HOST is the only way of authenticating cookies that I could
think about when doing my own scripts (without storing passwords on the
client, which is even worse), and using cookies is the only way I have found of
not asking someone to login for every form!
(Reporter)

Updated

18 years ago
Status: NEW → ASSIGNED
QA Contact: matty
(Reporter)

Comment 4

18 years ago
tara@tequilarista.org is the new owner of Bugzilla and Bonsai.  (For details,
see my posting in netscape.public.mozilla.webtools,
news://news.mozilla.org/38F5D90D.F40E8C1A%40geocast.com .)
Assignee: terry → tara
Status: ASSIGNED → NEW
The solution is to use Digest Authentication or Basic Authentication and SSL.

*** This bug has been marked as a duplicate of 20122 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 6

17 years ago
Verified dupe.
Status: RESOLVED → VERIFIED
moving to Bugzilla product
reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: tara → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.