part of bugzilla's security is dependent on the REMOTE_HOST environment variable, but it seems that apache doesn't always set that. Need to find the right thing to use.
Reassigning to firstname.lastname@example.org, who now has front-line responsibility for all Bonsai and Bugzilla bugs.
Reassigning back to me. That stuff about me no longer being the front-line person responsible for Bugzilla and Bonsai turned out to be short-lived. Please pardon our confusion, and I'm very sorry about the spam.
Terry, when you find a better way of doing security please tell me about it, because REMOTE_HOST is the only way of authenticating cookies that I could think about when doing my own scripts (without storing passwords on the client, which is even worse), and using cookies is the only way I have found of not asking someone to login for every form!
email@example.com is the new owner of Bugzilla and Bonsai. (For details, see my posting in netscape.public.mozilla.webtools, news://news.mozilla.org/38F5D90D.F40E8C1A%40geocast.com .)
The solution is to use Digest Authentication or Basic Authentication and SSL. *** This bug has been marked as a duplicate of 20122 ***
moving to Bugzilla product reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE