Create a Secure Mode that removes some features from Piwik to increase security #6348
Labels
c: Platform
For Matomo platform changes that aren't impacting any of our APIs but improve the core itself.
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone
A Super User has a lot of power and with it comes a lot of responsibility. The goal of this issue is to create a new config setting eg.
secure_mode
that is disabled by default. When enabled it will limit some of the powers of Super Users.In particular it will prevent:
enable_marketplace=0
token_auth
Possibly there are other insecure items that a Super User could do that we want to limit in the secure mode?
The text was updated successfully, but these errors were encountered: