Channel: Matomo forums - Latest topics

Writable piwik.js — other ways to do it


@VorobeY1326 wrote:

Hello, Piwik developers!

Since version 3.0, it's recommended to make the piwik.js file writable, because some plugins want to add some code to it, and even "in future releases core features may not work".

But it's insecure, isn't it? The whole idea of Piwik instead of GA or something else (in my case at least) is that I can control everything — data collected, scripts served to clients. The major idea of not using GA was "it's insecure to download some unknown js file from Google and run it in our clients' browsers". And now you are suggesting to make piwik.js writable. So any plugin can add something to the file which is served to all our clients. Or any attack now seems more dangerous, because there are more chances to add some code to piwik.js.

Can't you create some alternative way of updating piwik.js for paranoid users? For example, some kind of "core:update" console tool. So I can update Piwik (or install a plugin), then grant write permissions to piwik.js, execute some tool "core:updatePiwikJs" and make the file read-only again. In this case I can also make a copy of the js file before executing the update and then compare the files to make sure nothing unexpected was added.

Posts: 1

Participants: 1
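
The update-then-verify workflow the post asks for, as an added shell example (not part of the original post and not Matomo code). The function name `guarded_js_update`, its exit codes and the update command passed to it are assumptions; supply whatever command regenerates the file on your install.

```shell
#!/bin/sh
# Added example. guarded_js_update is a hypothetical helper, not a Matomo tool.
# Usage: guarded_js_update FILE CMD [ARGS...]
#   FILE  tracker file that is normally read-only (e.g. piwik.js)
#   CMD   whatever command regenerates FILE (placeholder; supply your own)
# Returns 0 = file unchanged, 1 = file changed (diff printed, backup kept),
#         2 = setup error, 3 = CMD failed (original restored).
guarded_js_update() {
    js_file=$1
    [ "$#" -ge 2 ] && [ -f "$js_file" ] || {
        echo "usage: guarded_js_update FILE CMD [ARGS...]" >&2
        return 2
    }
    shift

    # Snapshot the current file so the result can be compared afterwards.
    backup=$(mktemp "${TMPDIR:-/tmp}/trackerjs.XXXXXX") || return 2
    cp -p "$js_file" "$backup" || return 2

    # Open the write window only for the duration of the update command.
    chmod u+w "$js_file" || return 2
    "$@"
    cmd_status=$?

    if [ "$cmd_status" -ne 0 ]; then
        # Failed update: put the known-good copy back before locking again.
        cp -p "$backup" "$js_file"
        chmod a-w "$js_file"
        rm -f "$backup"
        echo "update command failed ($cmd_status); original restored" >&2
        return 3
    fi

    # Close the write window before looking at the result.
    chmod a-w "$js_file"

    if cmp -s "$backup" "$js_file"; then
        rm -f "$backup"
        echo "$js_file unchanged"
        return 0
    fi

    # Show exactly what was added or removed; keep the backup for rollback.
    diff -u "$backup" "$js_file"
    echo "review the diff above; previous version kept at $backup"
    return 1
}
```

Locking the file only helps when it is owned by an account other than the one the web server and PHP run as, since a file's owner can always restore write permission.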
