Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Concerns re: Anonymous access to SitesManager & Feedback #636

Closed
anonymous-matomo-user opened this issue Mar 29, 2009 · 4 comments
Closed
Labels
Bug For errors / faults / flaws / inconsistencies etc. duplicate For issues that already existed in our issue tracker and were reported previously.
Milestone

Comments

@anonymous-matomo-user
Copy link

Ok, I posted this before, but vipsoft seems to think user access and anonymous access are the same thing and deleted it.

vipsoft> “Oops. Given ticket #554, we won’t be blocking access to the site manager page.”

They are not the same thing. but meh.

Anyway if you goto ‘/index.php?module=SitesManager&action=displayJavascriptCode&idsite=1’ of any piwik install you will be granted access to that page without the need to log in.

Other pages are affected as well.

Personally if you restrict anonymous access to a site then ALL of that site should be blocked. Not a few pages or ones that count, but ALL of the site.

Feel free vipsof to delete this ticket, I can code so I will just fix the issue myself. But I thought I would be nice for your users (that can not code or dont have the time) to be able to trust ‘NO ACCESS’ truly means ‘NO ACCESS’.

@robocoder
Copy link
Contributor

Dupes #635.

I apologize if my critique of your bug report hurt your feelings. (BTW Your ticket was only closed, not deleted.)

If I’ve misunderstood the scope and/or severity of the issues you raised, please feel free to elaborate and/or submit a patch.

@anonymous-matomo-user
Copy link
Author

Personally I can’t understand why you think anonymous users should be able to see any data when they are set to ‘No Access’.

When I have security settings in software set to ‘No Access’ it should mean no access, at all.

But either way, I think it’s an issue, but if you beg to differ, meh.

Apart from that, piwik is quite a nice program. I wish you the best of luck.

@mattab
Copy link
Member

mattab commented Mar 29, 2009

(In 1039) refs #636 for the sake of consistency, but this page does NOT show any data

@mattab
Copy link
Member

mattab commented Mar 29, 2009

this page just takes the idsite and displays it, there is nothing confidential at all, especially as this page cannot be accessed via any link… for consistency I added the check though.

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. duplicate For issues that already existed in our issue tracker and were reported previously.
Projects
None yet
Development

No branches or pull requests

3 participants