@tsteur opened this issue on February 8th 2017

It could be good to have an option to disable plugin upload; maybe it could even be disabled by default (to be decided). Most users will likely never need it, so it would be good to make the UI simpler, etc. We would also need to update some FAQs.

It can already be disabled via enable_plugins_admin, but it would be great to have a separate option for it, as users often still want to use the plugins admin but not the upload.

FYI: Only logged-in super users can upload plugins; nothing will change there.

@mattab commented on February 21st 2017

> It could be good to have an option to disable plugin upload, maybe it could be even disabled by default (to be decided).

It will be good to decide on this soon. Administrators of a Piwik server would likely not expect Super Users to be able to execute code on servers. I think it would make a lot of sense to prevent RCE (remote code execution) by default for Super Users, as it would be consistent with our high security standards and overall practices.

This issue was closed on March 17th 2017