Closed Bug 3614 Opened 26 years ago Closed 24 years ago

Security needs improvement (REMOTE_HOST doesn't cut it)

Categories

(Bugzilla :: Bugzilla-General, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED DUPLICATE of bug 20122

People

(Reporter: terry, Assigned: justdave)

Details

part of bugzilla's security is dependent on the REMOTE_HOST environment variable, but it seems that apache doesn't always set that. Need to find the right thing to use.
Reassigning to dmose@mozilla.org, who now has front-line responsibility for all Bonsai and Bugzilla bugs.
Reassigning back to me. That stuff about me no longer being the front-line person responsible for Bugzilla and Bonsai turned out to be short-lived. Please pardon our confusion, and I'm very sorry about the spam.
Terry, when you find a better way of doing security please tell me about it, because REMOTE_HOST is the only way of authenticating cookies that I could think about when doing my own scripts (without storing passwords on the client, which is even worse), and using cookies is the only way I have found of not asking someone to login for every form!
Status: NEW → ASSIGNED
QA Contact: matty
tara@tequilarista.org is the new owner of Bugzilla and Bonsai. (For details, see my posting in netscape.public.mozilla.webtools, news://news.mozilla.org/38F5D90D.F40E8C1A%40geocast.com .)
Assignee: terry → tara
Status: ASSIGNED → NEW
The solution is to use Digest Authentication or Basic Authentication and SSL. *** This bug has been marked as a duplicate of 20122 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
moving to Bugzilla product reassign to default owner/qa for INVALID/WONTFIX/WORKSFORME/DUPLICATE
Assignee: tara → justdave
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.