Ask for confirmation before granting Anonymous user a "view" permission on any website #11703

Closed
mattab opened this issue May 16, 2017 · 0 comments · Fixed by #11744
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. c: Usability For issues that let users achieve a defined goal more effectively or efficiently. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.

mattab (Member) commented May 16, 2017

Currently, granting "View" permission on the "anonymous" user is done without asking for permission. In one click, one may by mistake grant anyone access to view the reports for a given website.

-> In order to prevent any misclick or unexpected click, let's ask for a confirmation before granting the anonymous user "view" permission on any website (via a yes/no modal and a clear warning message).

Proposed message "You are about to grant the anonymous user the 'view' access to this website. This means your analytics reports and your visitors information will be publicly viewable by anyone even without a login. Are you sure you want to proceed?"

@mattab mattab added c: Usability For issues that let users achieve a defined goal more effectively or efficiently. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. labels May 16, 2017
@mattab mattab added this to the 3.0.5 milestone May 16, 2017
@sgiehl sgiehl self-assigned this May 29, 2017
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Sep 11, 2017