[Techtalk] Securing Bugzilla (possibly OT)
Nicole Zimmerman
colby at wsu.edu
Wed Dec 19 13:20:39 EST 2001
If you use Bug Groups, you can make it so that people *have* to be logged
into view bugs -- and even then, people who are logged in can only see
bugs that are in their group. This pissed off my engineers (we use
Bugzilla internally) so it should be good for your purpose ;o) A group is
then associated with every product in the system.
It's under the 'parameters' configuration. When someone files a new bug,
they will be able to choose whether only people in that group can see the
bug or if it is a 'public' bug. You could always take away that option and
force it to not be public.
I have hammered on Bugzilla a lot, so if you have any questions, I will
try to help ;o)
-nicole
At 11:53 on Dec 19, mia at miaridge.com combined all the right letters to say:
> I've been assigned the task of setting up and administering Bugzilla for
> my company.
>
> It's running on a publicly accessible web server, and I need to make
> sure that unauthorised people can't view our bugs if they stumble across
> the page.
>
> Is there a way to set up Bugzilla so that you need to log in to view bugs
> or get anywhere past the first screen, or should I use something like
> Basic Authentication and .htaccess.
>
> Any suggestions or general words of wisdom about running Bugzilla will be
> much appreciated! (I'd never even used it before being ask to set it up).
More information about the Techtalk
mailing list