Feature request for cookie encryption #3949

Open
anonymous-matomo-user opened this issue May 22, 2013 · 3 comments
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.

Comments

@anonymous-matomo-user

Hi,

This is the first time I have opened such a ticket, so I apologize if I make any mistakes here.

As discussed in the forum, I suggest implementing an option to encrypt cookie content to solve two non-trivial security issues.
The first is to prevent users from manipulating the cookie content, and the second is for better cooperation with security tools like ModSecurity.

For this purpose I am trying to implement a Blowfish class to transparently encrypt everything you like.
Find my patch file attached to this ticket.

By now I need help and someone who has a deeper understanding of what Piwik does internally.
So here is my first try.

Keywords: blowfish, cookie encryption

@anonymous-matomo-user
Author

Attachment: Patch created against master commitpoint 6257f0655ae8fc8ca6b99f700783f3d0f18dbf35
cookie_encryption.patch
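
An added sketch of the request above, not taken from the attached patch or from Piwik/Matomo code: rejecting manipulated cookies needs an integrity check as well as encryption, so this uses AES-256-GCM from PHP's OpenSSL extension (PHP 7.1+) in place of the Blowfish class the ticket proposes. The function names, cookie name and sample value are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; seal_cookie()/open_cookie() are hypothetical names,
// not functions from Piwik/Matomo or from the attached patch.
const COOKIE_CIPHER = 'aes-256-gcm';
const IV_LEN = 12;
const TAG_LEN = 16;

/** Encrypt and authenticate a cookie value, bound to the cookie's name. */
function seal_cookie(string $name, string $value, string $key): string
{
    $iv = random_bytes(IV_LEN);          // fresh nonce for every cookie write
    $tag = '';
    $ct = openssl_encrypt($value, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA,
                          $iv, $tag, $name, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('cookie encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

/** Return the plaintext, or null if the cookie was altered, moved or malformed. */
function open_cookie(string $name, string $sealed, string $key): ?string
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        return null;
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = (string) substr($raw, IV_LEN + TAG_LEN);
    $pt  = openssl_decrypt($ct, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $name);
    return $pt === false ? null : $pt;
}

// Constructed demo values. Assumption: the real key is a 32-byte per-install secret.
$key    = random_bytes(32);
$sealed = seal_cookie('demo_cookie', 'visitor=constructed-sample', $key);

$raw = base64_decode($sealed, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01); // user edits one byte
$tampered = base64_encode($raw);

var_dump(open_cookie('demo_cookie', $sealed, $key));    // untouched cookie
var_dump(open_cookie('demo_cookie', $tampered, $key));  // modified ciphertext
var_dump(open_cookie('other_cookie', $sealed, $key));   // value pasted into another cookie
```

Passing the cookie name as associated data means a valid value copied into a differently named cookie fails authentication as well.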

@robocoder
Contributor

For Piwik 2.0, it might be easier to simply drop our setcookie wrapper and advise users to use Suhosin's built-in cookie encryption.

@halfdan
Member

halfdan commented May 22, 2013

@vipsoft, Suhosin is dead. There hasn't been any release for PHP 5.4 or 5.5, and there most likely will never be any.


4 participants