There is currently no security alert sent when the anonymous user is enabled for a Matomo instance. It also doesn't require a password for verification.
This means that any user who can set access for user accounts for a site/measurable could enable it without properly reading the warning and allow public access to their reports.
It would be good from a security perspective to do the following:
Would you mind defining what the expected behavior should be when selecting multiple users (including anonymous) in the list and giving all view access at once? Currently not even the additional access warning is shown in that case.
FYI it's actually too easy to give an anonymous user view access by accident. Especially using the multi select. Maybe an anonymous user cannot be enabled in the UI along with other users in the future?
And/or maybe ideally the anonymous user wouldn't appear in the users list until specifically enabled to appear there. We could always show eg this menu item:
and have a setting to enable/disable the anonymous user setting feature (just a random example).
Just few ideas.
Just confirm the changes for this issue. @mattab @tsteur
anonymous user
to enable/disable, require password confirmation on change.
anonymous user
from the user manage page
Question:
anonymous user
access is being changed?
@mattab can you please offer your thoughts on @peterhashair's approach and questions here?
Additionally:
The proposed new screen (inspired by https://user-images.githubusercontent.com/273120/184553332-1de9f682-9e77-4f1a-93d6-3863d84aa9dc.png) & email message microcopy will be provided by @Javi-Ormaechea shortly
@mattab any update on this?
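The thread above asks for two things: a password re-confirmation whenever the anonymous user's access is changed (including through the multi-select), and an alert when it happens. The following is an added illustration of that guard, written for this page and not code from Matomo; `AccessStore`, `set_users_access`, the PBKDF2 hashing and the alert dictionary are constructed stand-ins for whatever the real application stores, and only the login name `anonymous` is taken from Matomo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Matomo's reserved login for unauthenticated visitors; everything else in this
# file is a constructed stand-in for the real user/access storage (assumption).
ANONYMOUS_LOGIN = "anonymous"


class ConfirmationRequired(Exception):
    """The change touches the anonymous user; the actor must re-enter their password."""


class BadPassword(Exception):
    """The confirmation password did not match the actor's stored hash."""


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt (stand-in for the app's hash)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def needs_confirmation(logins: List[str]) -> bool:
    """True when a (possibly multi-selected) batch includes the anonymous user.

    The UI can call this before submitting so the extra warning is shown even
    when anonymous is only one of several selected users.
    """
    return ANONYMOUS_LOGIN in logins


@dataclass
class AccessStore:
    # (login, idsite) -> access level; constructed in-memory table
    access: Dict[Tuple[str, int], str] = field(default_factory=dict)
    # constructed alert log standing in for an email/notification hook
    alerts: List[Dict[str, object]] = field(default_factory=list)


def set_users_access(store: AccessStore, actor: str, actor_salt: bytes, actor_hash: bytes,
                     logins: List[str], idsite: int, level: str,
                     confirm_password: Optional[str] = None) -> int:
    """Apply one access level to several logins for one site, as the multi-select does.

    If the anonymous user is in the batch, nothing is written unless the actor
    re-confirms their password, and an alert entry is recorded. The check runs
    before any write, so an accidental anonymous grant cannot slip in alongside
    the other users in the same batch. Returns the number of logins updated.
    """
    if needs_confirmation(logins):
        if confirm_password is None:
            raise ConfirmationRequired("re-enter your password to change anonymous access")
        if not verify_password(confirm_password, actor_salt, actor_hash):
            raise BadPassword("password confirmation failed")
        store.alerts.append({
            "event": "anonymous_access_changed",
            "actor": actor,
            "idsite": idsite,
            "new_level": level,
            "previous_level": store.access.get((ANONYMOUS_LOGIN, idsite), "noaccess"),
        })
    for login in logins:
        store.access[(login, idsite)] = level
    return len(logins)


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    store = AccessStore()
    try:
        set_users_access(store, "admin", salt, digest, ["alice", "anonymous"], 1, "view")
    except ConfirmationRequired as exc:
        print("blocked:", exc)
    set_users_access(store, "admin", salt, digest, ["alice", "anonymous"], 1, "view",
                     confirm_password="correct horse battery staple")
    print(store.access, store.alerts)
```

The guard is deliberately all-or-nothing: a batch that contains the anonymous user is rejected before any row is written, so the other users in the same multi-select are not silently updated while the anonymous grant is refused, and the alert records both the previous and the new level so a reviewer can see whether public access was opened or closed.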