You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
http://developer.piwik.org/api-reference/tracking-javascript#user-id and some other pages document people should use username and email address for userid. That is a serious security flaw and will lead to dataprotection troubles. Normally login forms and personal data must always posted/transfered via SSL protected forms as these tell pyring eyes at least one or two factors of a login credential.
If people add the email as userid these will also be added to non-ssl pages what is a serious data protection issue on unencrypted wires.
People should always use a uuid or hashing the username/email, but never use the real value.
Please remove all these documentation references and make clear people should never use these raw values.
The text was updated successfully, but these errors were encountered:
make clear people should never use these raw values.
there are many cases where usernames are already in the webpages content eg. in JS variables or in the DOM. Same with email address. So "should never" is wrong here.
in general it is responsability of each webmaster to measure their data securely. I hope that most people who have a login form on their website will deliver all pages once user is logged-in via SSL. If they don't then it would leak the auth cookie which is much worse than leaking username or email.
So the point of unencrypted wires for User ID does not make a lot of sense since User ID will only be used when users are logged -in which should be done securely to ensure safety of auth cookie.
I'm sorry, but this is not correct. Well if a user logs in it will be encrypted, but if I make one more click I'm on HTTP and no longer on HTTPS. It's not required to stay at SSL after a login. You only need to protect the login itself.
With your documentation people will start using email address as UserID and this is always send over the wire unencrypted.
The session cookie will be destroyed after I hit logout or after time. My Emailaddress is not destroyed after I hit the logout button.
no you need to also protect pages once you are logged-in, otherwise the session cookie will be stealable by a man-in-the-middle attack (similar attack that would reveal username/email as you point out)
My Emailaddress is not destroyed after I hit the logout button.
http://developer.piwik.org/api-reference/tracking-javascript#user-id and some other pages document people should use username and email address for userid. That is a serious security flaw and will lead to dataprotection troubles. Normally login forms and personal data must always posted/transfered via SSL protected forms as these tell pyring eyes at least one or two factors of a login credential.
If people add the email as userid these will also be added to non-ssl pages what is a serious data protection issue on unencrypted wires.
People should always use a uuid or hashing the username/email, but never use the real value.
Please remove all these documentation references and make clear people should never use these raw values.
The text was updated successfully, but these errors were encountered: