New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Piwik asks for write access to lots of files #10706
Comments
I also had to change the tmp directory in the global.php due to security reasons. We should have the option to configure this directory in the config.ini.php |
thanks for the great feedback and summary of important security topics 👍
good point. Created #10855 for this.
Yes writable config is needed by design. (mostly because we store list of activated plugins in config) typically you make file writable while update is running then make it read only again. Is there maybe other issues with this?
created #10854
Yes by design we encourage to use the Marketplace because of the huge value it provides. We also however make it easy to disable the Marketplace, simply deactivate the marketplace plugin (in Piwik 2.17.0 where marketplace was vastly improved!)
you can signup here: http://madmimi.com/signups/139168/join - we need to show it on the website, covered in #7063 (comment)
for this we use PGP signature. it's documented in http://piwik.org/blog/2014/11/verify-signatures-piwik-packages/ and we'll show this in download page soon #10687 Feel free to open new issues or post further feedback here 👍 |
Sorry, I can't accept this as a solution. The config file is a PHP file, so any code in it will be executed. This means that the application should not be able to write to it, because if it can write to the file, it can inject code. |
that's a nice idea! it could technically be done in the future. Feel free to create a separate issue (as the scope would be smaller than this current issue) 👍 |
Hello, I am also looking similar kind of requirement where I don't want to give write permission to config.ini.php file I want to manage through system administrators update the file rather than browser update the configuration file.Please let me know any solution to achieve this. Currently it's blocker. |
Piwik 2.16.5 intends to be secure, but asks for permissions to overwrite parts of itself all the time. From a security standpoint, this is unacceptable.
Here are some examples:
piwik.js
writable. It even says "In the future even some core features might not work as expected".config/config.ini.php
is not writabletmp
dir is required to be writable, and is placed in the piwik directory served by the webserver (like everything else). We should have the option to keep this directory somewhere else, such as/tmp/piwik
There are some other security issues as well, that make me uncomfortable using piwik for a large site.
The text was updated successfully, but these errors were encountered: