Let admins disable the password reset functionality #8521
Comments
Can you explain why it would be not good to have it though? Are there concerns that it will be misused?
Well, it could be misused - probably, yes. Every input field could be a possible attack vector for XSS attacks.
And a user who knows the mail or username of a Piwik user can lock him out by just recovering his password and setting the password to some rubbish.
No, it is not possible. Before the password is changed, the user will have to click the link in the password reset email. IMO we don't need this feature in core, so I'm closing. However, disabling password reset could be done (I think quite easily) in a small new plugin.
We just ran into an issue today on one of our Piwik installations where a malicious user attempted a password reset from the public server. Fortunately we caught it and discarded the message, however it is much too easy for someone to mistakenly click the approval link (even unintentionally, as it's long enough to span three lines). Especially if the attackers spam the system with a lot of requests, it would DoS our inboxes if nothing else. This would not be such a big issue if it wasn't a one-click change, but as it is implemented now it is very insecure. Can you please allow this to be disabled (it can be a simple config line in global.ini) or at least point to the plugin that does it or how it should be deployed? Thank you,
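The flow the comment above asks for, as an added example that is not Piwik's code: an admin switch turns the feature off, the e-mailed link alone changes nothing (the new password is only entered at the confirmation step, so a stray click is harmless), tokens are stored hashed, single-use and time-limited, and repeated requests for one account are throttled to limit mail floods. The `enable_password_reset` switch, the class and its limits are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600        # constructed limit: reset link is valid for one hour
MAX_REQUESTS_PER_HOUR = 3       # constructed limit: cap on reset mails per account


class PasswordResetService:
    def __init__(self, users, enable_password_reset=True, now=time.time):
        self.users = users                          # login -> (salt, pbkdf2 hash) or None
        self.enabled = enable_password_reset        # stands in for a global.ini-style switch
        self.now = now                              # injectable clock for testing
        self.pending = {}                           # login -> (sha256(token), expiry)
        self.requests = {}                          # login -> recent request timestamps

    def request_reset(self, login):
        """Step 1: caller supplies only a login. No password is accepted here."""
        if not self.enabled or login not in self.users:
            return None                             # same answer either way: no account leak
        recent = [t for t in self.requests.get(login, []) if t > self.now() - 3600]
        if len(recent) >= MAX_REQUESTS_PER_HOUR:
            return None                             # throttle mail floods against one inbox
        recent.append(self.now())
        self.requests[login] = recent
        token = secrets.token_urlsafe(32)           # 256 bits of entropy goes into the link
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[login] = (digest, self.now() + TOKEN_TTL_SECONDS)
        return token                                # only the hash is kept server-side

    def confirm_reset(self, login, token, new_password):
        """Step 2: the link proves mailbox access; the user types the new password now."""
        entry = self.pending.get(login)
        if entry is None or self.now() > entry[1]:
            return False                            # unknown, used or expired token
        if not hmac.compare_digest(entry[0], hashlib.sha256(token.encode()).digest()):
            return False                            # constant-time compare against the stored hash
        del self.pending[login]                     # single use, even if the password is weak
        salt = secrets.token_bytes(16)
        self.users[login] = (salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000))
        return True

    def check_password(self, login, password):
        stored = self.users.get(login)
        if not stored:
            return False
        salt, digest = stored
        return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))
```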
That's a good real-world example of the consequences of such unnecessary features. I agree that the admin should be able to disable it.
Hello, has there been any development on that plugin that was mentioned above? Or perhaps something that can be added in Piwik 3.0? Thanks,
There has been no development and it won't be done for Piwik 3.0 (as our team is too small & under-resourced to tackle such issues).
Anyway, nice to see that other users would like to have this feature too.
This is quite unfortunate, especially as you are trying to position Piwik as more of an "enterprise-ready" piece of software, as security details such as this can be a blocker to adoption. That being said though, as you will not work on this feature, could you please provide pointers to the best way this could be achieved with a plugin? From reading the plugin documentation, it seems it would be quite easy to add items to the interface, but it's not very clear how one would go about removing functionality that is already present. It could perhaps work with some CSS/JS hack, but that's not a clean way of doing it... Any information will be appreciated. Thank you,
Well... why create a plugin? I think a PR would be superior - if Piwik accepts it.
I was thinking about a patch as well, however the devs recommended a plugin in the conversation above so I was just going by their guidance (TBH it's been a while since I checked the Piwik code so I'm not sure what would be the easiest approach).
Feel free to create a PR for that.
As long as the changes are easily maintainable, I don't think we won't merge it.
I'd say it would be better for us if it was done in a plugin 👍
Especially for small Piwik installations where only a few users have access to Piwik, it's not really necessary to have a password recovery functionality. If a user should have lost his password, he can just ask another user (an admin, of course) to reset the password.
So please make it possible to disable the password reset functionality.