Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Discourage the use of the config setting tracking_requests_require_authentication=0 #3016

Closed
mattab opened this issue Mar 6, 2012 · 1 comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Mar 6, 2012

WE should make it clear that tracking_requests_require_authentication should not be used on public facing Piwik servers. It would allow anyone to push data with a custom date in the past or future, or create artificial visits using custom IPs. This is a security issue to use this setting on publicly available servers.

@mattab
Copy link
Member Author

mattab commented Mar 6, 2012

(In [5978]) Fixes #3016
Clarify in the doc that tracking_requests_require_authentication should not be used on public facing Piwik servers since it would allow anyone to push data in the past, future, or with custom IP, which is a security concern

@mattab mattab added this to the 1.12.x - Piwik 1.12.x milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Development

No branches or pull requests

1 participant