@anonymous-piwik-user opened this Issue on May 22nd 2013

Hi,

This is the first time I have opened such a ticket, so I apologize if I make any mistakes here.

As discussed in the forum, I suggest implementing an option to encrypt cookie content to solve two non-trivial security issues.
The first is to prevent users from manipulating the cookie content and the second is for better cooperation with security tools like Mod-Security.

For this purpose I have tried to implement a Blowfish class to transparently encrypt everything you like.
Find my patchfile attached to this ticket.

By now I need help from someone who has a deeper understanding of what Piwik does internally.
So here is my first try.

Keywords: blowfish, cookie encryption
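
An added example, not part of the original post or the attached patch: one way to give a cookie value both properties asked for above, confidentiality and detection of user modification. It uses AES-256-GCM from PHP's OpenSSL extension (PHP 7.1 or later assumed) instead of the Blowfish class mentioned in the post; the function names, cookie name and key handling are hypothetical.

```php
<?php
// Added example with hypothetical helpers; not Piwik code.
// Assumes PHP >= 7.1 with the OpenSSL extension and a 32-byte secret key.

const COOKIE_CIPHER = 'aes-256-gcm';
const IV_LEN  = 12;   // recommended nonce size for GCM
const TAG_LEN = 16;   // full-length authentication tag

// Encrypt and authenticate $value. The cookie name is bound as associated
// data, so a sealed value cannot be moved to a different cookie.
function seal_cookie(string $name, string $value, string $key): string {
    $iv  = random_bytes(IV_LEN);          // fresh nonce for every cookie
    $tag = '';
    $ct  = openssl_encrypt($value, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA,
                           $iv, $tag, $name, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('cookie encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or null when the cookie is malformed, was modified,
// or was sealed under another name or key.
function open_cookie(string $name, string $sealed, string $key): ?string {
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) <= IV_LEN + TAG_LEN) {
        return null;
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $pt  = openssl_decrypt($ct, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA,
                           $iv, $tag, $name);
    return $pt === false ? null : $pt;
}

// Constructed sample data. A real key would come from server-side
// configuration, not be generated per request.
$key    = random_bytes(32);
$sealed = seal_cookie('example_cookie', 'login=alice', $key);
var_dump(open_cookie('example_cookie', $sealed, $key));   // untouched cookie

// Flip one bit of the ciphertext, as a user editing the cookie might.
$raw = base64_decode($sealed, true);
$raw[IV_LEN + TAG_LEN] = chr(ord($raw[IV_LEN + TAG_LEN]) ^ 1);
var_dump(open_cookie('example_cookie', base64_encode($raw), $key));

// Present the untouched value under a different cookie name.
var_dump(open_cookie('other_cookie', $sealed, $key));
```

The authentication tag is what detects modification; a cipher used without an integrity check would hide the content but still accept altered ciphertext.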

@anonymous-piwik-user commented on May 22nd 2013

Attachment: Patch created against master commitpoint 6257f0655ae8fc8ca6b99f700783f3d0f18dbf35
cookie_encryption.patch

@robocoder commented on May 22nd 2013 Contributor

For Piwik 2.0, it might be easier to simply drop our setcookie wrapper and advise users to use Suhosin's built-in cookie encryption.

@halfdan commented on May 22nd 2013 Member

@vipsoft, Suhosin is dead. There hasn't been any release for PHP 5.4 or 5.5 and there most likely never will be any.

@robocoder commented on May 22nd 2013 Contributor