Enable MySQL Strict mode as best practice and security improvement #9920
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
The goal of this issue is to enable MySQL strict mode in Piwik.
Why enabling Strict mode?
tldr; mysql → special characters → truncation → input validation → output sanitisation → xss → time to update WordPress.
We would like to bring the best security practices to Piwik and strict mode would be a valuable security improvement.
Requirements
STRICT_TRANS_TABLES
in Piwik, this data loss made us revert the change. Reported in #8853 (Field 'location_browser_lang' doesn't have a default value In query) and fixed in https://github.com/piwik/piwik/pull/8930/files
log_*.* columns) to be NULLable. Covered in #9231 (Make all log_* tables fields NULLable to prevent errors "Field 'X' doesn't have a default value"). (Also refs #9107, Require Mysql 5.5, and #9785, making utf8mb4 the collation by default.)
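The difference STRICT_TRANS_TABLES makes for the two cases this issue touches (silent truncation, and the "Field 'X' doesn't have a default value" error), as an added example that is not part of the original issue or of Piwik's code. The table demo_log_visit, its column sizes and the inserted values are constructed for illustration.

```sql
-- Added example: demo_log_visit is a constructed table, not Piwik's schema.
-- Run statement by statement, or with `mysql --force`, because the strict-mode
-- inserts in part 2 are expected to fail.
DROP TABLE IF EXISTS demo_log_visit;
CREATE TABLE demo_log_visit (
    idvisit               INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    location_browser_lang VARCHAR(5)   NOT NULL,  -- NOT NULL, no DEFAULT
    referer_name          VARCHAR(10)  NOT NULL
) ENGINE=InnoDB;

-- 1. Non-strict session: bad input is adjusted and stored.
SET SESSION sql_mode = '';

-- Over-length value: stored cut down to the column width, warning only.
INSERT INTO demo_log_visit (location_browser_lang, referer_name)
VALUES ('en-gb', 'constructed-value-longer-than-ten');
SHOW WARNINGS;

-- NOT NULL column omitted: the implicit default (empty string) is stored,
-- again with only a warning.
INSERT INTO demo_log_visit (referer_name) VALUES ('short');
SHOW WARNINGS;

-- What was actually written: compare stored length with what was sent.
SELECT idvisit, location_browser_lang, referer_name,
       CHAR_LENGTH(referer_name) AS stored_len
FROM demo_log_visit;

-- 2. Strict session: the same statements are rejected and nothing is stored.
SET SESSION sql_mode = 'STRICT_TRANS_TABLES';

INSERT INTO demo_log_visit (location_browser_lang, referer_name)
VALUES ('en-gb', 'constructed-value-longer-than-ten');  -- error: data too long

INSERT INTO demo_log_visit (referer_name)
VALUES ('short');  -- error: Field 'location_browser_lang' doesn't have a default value

-- Row count is unchanged from part 1.
SELECT COUNT(*) AS row_count FROM demo_log_visit;

-- Check which mode the server and the current connection really use.
SELECT @@GLOBAL.sql_mode AS global_mode, @@SESSION.sql_mode AS session_mode;
```

The second strict-mode failure is why the issue pairs strict mode with making the log_* columns NULLable: an insert that omits such a column stops being silently defaulted and starts failing.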