Discourage the use of the config setting tracking_requests_require_authentication=0 #3016

Closed
mattab opened this Issue Mar 6, 2012 · 1 comment

1 participant

@mattab
Piwik Open Source Analytics member

WE should make it clear that tracking_requests_require_authentication should not be used on public facing Piwik servers. It would allow anyone to push data with a custom date in the past or future, or create artificial visits using custom IPs. This is a security issue to use this setting on publicly available servers.

@mattab
Piwik Open Source Analytics member

(In [5978]) Fixes #3016
Clarify in the doc that tracking_requests_require_authentication should not be used on public facing Piwik servers since it would allow anyone to push data in the past, future, or with custom IP, which is a security concern

@mattab mattab added this to the 1.12.x - Piwik 1.12.x milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment