@mattab opened this Issue on March 6th 2012 Member

WE should make it clear that tracking_requests_require_authentication should not be used on public facing Piwik servers. It would allow anyone to push data with a custom date in the past or future, or create artificial visits using custom IPs. This is a security issue to use this setting on publicly available servers.

@mattab commented on March 6th 2012 Member

(In [5978]) Fixes #3016
Clarify in the doc that tracking_requests_require_authentication should not be used on public facing Piwik servers since it would allow anyone to push data in the past, future, or with custom IP, which is a security concern

This Issue was closed on March 6th 2012
Powered by GitHub Issue Mirror