Enable MySQL Strict mode as best practise and security improvement #9920

mattab · 2016-03-13T23:54:30Z

The goal of this issue is to enable MySQL strict mode in Piwik.

MySQL strict mode is a setting that implements a best practise around data management
MySQL strict mode results in better security for Piwik users. Why? Currently as we are not using Strict mode, sometimes values with special unicode characters could be automatically truncated before being inserted. Why is data truncation a possible security issue? when values are truncated before being inserted in the DB, this can open up the application to certain vulnerabilities such as XSS, under special circumstances. For example see this XSS in Wordpress (tldr; mysql → special characters → truncation → input validation → output sanitisation → xss → time to update WordPress.)

We would like to bring the best security practises to Piwik and strict mode would be a valuable security improvement.

Currently, some plugin's dimensions (database table columns) are not NULLAble. Therefore when inserting a tracking request and if one of these not NULLable dimensions does not have a value, the INSERT in MySQL would fail in strict mode, causing data loss.
- When we previously added STRICT_TRANS_TABLES in Piwik, this data loss made us revert the change. Reported in Field 'location_browser_lang' doesn't have a default value In query #8853 and fixed in https://github.com/piwik/piwik/pull/8930/files
To prevent any data loss in Strict Mode, we need to modify all tracker dimensions in core and in all plugins (log_*.* columns) to be NULLable. Covered in Make all log_* tables fields NULLable to prevent errors "Field 'X' doesn't have a default value" #9231 (Make all log_* tables fields NULLable to prevent errors "Field 'X' doesn't have a default value").
- Maybe we could also preset the dimension's value to non NULL value, when a dimension's value is not defined, to prevent strict mode from issuing a warning and discarding the INSERT?
To make sure any data loss or warning during tracker is reported to Piwik users/admins, we need a stronger error reporting mechanism to communicate such issues automatically to Piwik administrators. Covered in How to detect any failure during Tracker requests and pro-actively inform Piwik admin of such error #7550 (How to detect any failure during Tracker requests and pro-actively inform Piwik admin of such error)

(also refs Require Mysql 5.5 #9107 and making utf8mb4 the collation by default #9785)

The text was updated successfully, but these errors were encountered:

Patta · 2020-05-05T12:53:02Z

+1

tsteur · 2024-01-03T02:54:19Z

If you can think of a way to exploit this, please report the issue via https://hackerone.com/matomo/ for a bounty.

mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Mar 13, 2016

mattab added this to the 3.0.0 milestone Mar 13, 2016

mattab mentioned this issue Sep 27, 2016

Disabled UserCountry plugin fails on some MySQL versions #10472

Closed

mattab modified the milestones: Priority Backlog (Help wanted), Backlog (Help wanted) Dec 12, 2023

Provide feedback