Closed mattab closed 8 years ago
The purpose of this plugin is purely for debugging instances we don't have ftp/ssh access to. I don't understand why we are changing this and making it so complicated. It is still possible to install it on production servers, but only when you know what you are doing and only for a very limited amount of time.
Checking for super user permissions in all libs means forking all libs, maintaining them, merging new updates of the libs, adding the super user checks to all libs/to all files, and even checking each single file within the libs, as most might/can be vulnerable.
Once plugin is no longer used it has to be uninstalled, not disabled.
Ok so maybe we don't want to publish on the marketplace, which is a fine solution.
Maybe also when plugin is disabled, we could display a message and ask user to specifically uninstall it as well as to let him know of the risks.
We could still publish it on the Marketplace with the warning? It is also useful for developers maybe. So we do not have to create a ZIP package before installing it on a server. But doesn't have to be in the Marketplace for me. I think it is just very important to clearly describe what the plugin is for, that it is dangerous and so on. Message to uninstall if plugin is disabled sounds great. +1
Would just prefer to make it not too complicated. There should be no valid reason to install this plugin on a server permanently anyway.
BTW: I'm using this plugin right now on a user's instance to debug some issues and it is super helpful.
Because the plugin could have some risky files built in, I don't think it's safe to publish it in the Marketplace. Otherwise some users will expect top security settings from author Piwik and we cannot be sure in this case...
Best for now is maybe to leave the plugin as it is, and later we could reconsider, which would require protecting the libs/ folder with Super User access (htaccess or nginx may provide a tool for this).
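The libs/ protection suggested in this comment, as an added example that is not part of the thread or of the PiwikDebugger plugin: an nginx location block that refuses direct web requests to the plugin's libs/ folder, so bundled library files are only reachable through the Piwik entry point where a super user check can run. The path plugins/PiwikDebugger/libs/ under the Piwik web root is an assumption.

```nginx
# Added example (not from the issue or the plugin): assumes Piwik is served
# from this server block's root and the plugin lives at plugins/PiwikDebugger/.
server {
    # ... listen / server_name / root / index as in the existing Piwik config ...

    # Requests routed through index.php reach the plugin controller, where a
    # checkUserIsSuperUser call can reject everyone but the super user. Files
    # under libs/ can be requested directly and never pass that check, so
    # refuse them at the web server instead of patching every library file.
    #
    # "^~" is a prefix match that wins over regex locations, so a .php file in
    # libs/ is refused here before any "location ~ \.php$" handler sees it.
    location ^~ /plugins/PiwikDebugger/libs/ {
        deny all;
    }

    # Regular PHP handling for everything else stays as it was, e.g.
    # location ~ \.php$ { fastcgi_pass ...; }
}
```

The Apache equivalent is a .htaccess inside that folder containing `Require all denied` (2.4 syntax); in both cases the check belongs at the web server, not in each vendored file.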
Let's not publish it on the marketplace.
Also, just disabled the travis build after discussing with @sgiehl
The goal of this issue is to publish the PiwikDebugger plugin on the Piwik Marketplace. In other words, the goal is to make PiwikDebugger ready for debugging production servers.

Plugin Security Review
In order to publish the plugin, first we must check the security, in particular:
- checkUserIsSuperUser calls
- Notes "WARNING DO NOT INSTALL THIS PLUGIN ON ANY SERVER IN PRODUCTION" in the readme and json?

Publish plugin on the Marketplace
Once the plugin is certified as secure, then we can publish it on the Marketplace.