@mattab opened this Issue on May 20th 2020 Member

Currently users who want to secure their Matomo installation as much as possible need to follow recommendations in https://matomo.org/docs/security-how-to/

as part of this guide, it would make sense if could add one more step which would be to Prevent Super Users from installing or activating new plugins from the Marketplace. Without this step, any super user could install any plugin from the marketplace which wouldn't necessarily be secure. (to be very secure, one company may decide to individually review plugins before enabling them. super users shouldn't be able to install plugins from marketplace ideally).

Current situation

  1. we set enable_plugin_upload = 0 by default which prevents new plugins from being "uploaded" manually, but still the marketplace can be used
  2. one can disable the Marketplace plugin, but it can be re-enabled via the UI anyway so that doesn't work (and disabling marketplace means you lose the security benefits of checking for updates for existing plugins)

Proposed solution

So ideally we need a new feature/INI setting for example: enable_install_plugin_from_marketplace set to 1 by default, but when set to 0 then the feature to download the code from marketplace would be disabled (with a popup explaining why and which setting to change if needed).

Powered by GitHub Issue Mirror