Show a warning when Piwik is used as a SuperUser via HTTP #9305

Closed
tsteur opened this issue Nov 29, 2015 · 1 comment
Labels
  • c: Security - For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
  • duplicate - For issues that already existed in our issue tracker and were reported previously.
  • Enhancement - For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
  • Help wanted - Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.

tsteur commented Nov 29, 2015

It is quite risky to use Piwik via HTTP as a SuperUser. We should show a warning in the admin if this is the case:

  • Explain why it is not secure / risky (man-in-the-middle, ...)
  • Recommend to set up HTTPS
  • Explain it is good practice to create a user having view access and to use this user when viewing reports etc. (e.g. one would also not work as root under Linux all the time)
@tsteur tsteur added Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. labels Nov 29, 2015
@mattab mattab added the Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. label Dec 23, 2015
@mattab mattab added this to the Short term milestone Dec 23, 2015

mattab commented Jan 19, 2016

Fixed in #9570

@mattab mattab closed this as completed Jan 19, 2016
@mattab mattab modified the milestones: 2.16.0, Mid term Jan 19, 2016
@mattab mattab added the duplicate For issues that already existed in our issue tracker and were reported previously. label Jan 19, 2016