Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#1677 closed New feature (fixed)

Add "Force SSL login" setting

Reported by: matt Owned by:
Priority: major Milestone: Piwik 1.1
Component: Core Keywords:
Cc: Sensitive: no

Description

Piwik should work nicely when loaded in https (SSL).

It would be nice to have an option to force SSL login, so that login data is always sent encrypted.

Maybe we should, if possible, check that SSL actually works at all, to prevent non ssl compatible setups to set this to true which would then prevent logins.

Note: this is similar to wordpress wp-config hack FORCE_SSL_LOGIN

Change History (7)

comment:1 Changed 4 years ago by matt (mattab)

  • Summary changed from Add Super User setting "Force SSL login" to Add "General setting" "Force SSL login"

comment:2 Changed 4 years ago by vipsoft (robocoder)

Propose also settings the Strict Transport Security header per the IETF draft.

comment:3 Changed 3 years ago by vipsoft (robocoder)

  • Milestone changed from Features requests 1.x or 2.x to 1.1 - Piwik 1.1

FireSheep is making news. I think we can implement this for 1.1.

comment:4 Changed 3 years ago by vipsoft (robocoder)

Strict Transport Security is a wontfix (out-of-scope):

  • in a reverse proxy, we may not be able to tell if the user is using http or not, so we can't blindly force a redirect
  • the sts field is only sent in the header of a https response; this doesn't allow for auto-discovery
  • the policy applies at the domain level (not url); piwik may not be the only app hosted on this domain/subdomain

comment:5 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [3266]) fixes #1677 - added General force_ssl_login setting to global.ini.php (defaults to 0, disabled); this applies to login, lost password, and reset password forms

I opted to implement this as a config file option (instead of via General Settings), as it ensures the sysadmin has file access to change the setting, in the event the secure login doesn't work (e.g., no virtual host listening to port 443).

There are two aspects to the patch in order to handle reverse proxies:

  • checkForceSslLogin() - performs a server-side redirect if the connection isn't secure
  • header.tpl - performs a client-side redirect if the connection isn't secure

comment:6 Changed 3 years ago by vipsoft (robocoder)

  • Summary changed from Add "General setting" "Force SSL login" to Add "Force SSL login" setting

comment:7 Changed 3 years ago by matt (mattab)

added faq:

How do I force Piwik login to use SSL (https)?. Let me know if any feedback.

Note: See TracTickets for help on using tickets.