Is the use of idsite unsecure?

j_klein · August 13, 2009, 2:11pm

Hy to all!
Sorry wrong title: i mean “problematic” not unsecure

I have installed piwik since a few month.
But now I have found the following problem with a site.
Example:
Site 1 (with idsite=1) makes only some visits (100 / month)
Site 2 (with idsite=2) makes many visits a day (over 100 / day)

Now I have used the wrong idsite in the Code for the new Site 2 and
all visists are counted to the Site 1.
I don´t need correction of the data because the stats only for me and I have
changed the idsite now.
I want to use it on all my sites also for the customers, but if some customer
takes the wrong idsite-Tag (some have many sites) then also the stats are wrong.
Is this normal?
Is some check for the used domainname planned ?
Thanks
JK

matthieu · August 13, 2009, 8:16pm

see http://dev.piwik.org/trac/ticket/588

diri · August 24, 2009, 10:26am

You are shure to implement checking calling site after Piwik 1.0?

IMNSHO it is a very critical security hole → Training camp for DoS for absolute beginners. In most worst case a DDoS might be possible.

For me the same applies to this absolute dependancy on visitor’s browser at the moment. More action on server side would increase security very much.

vipsoft · August 24, 2009, 10:48am

Let’s frame this in the right context. Currently, this is no less secure than GA, Y!A, MS Analytics, or many other client-based tracking systems.

diri · August 24, 2009, 11:21am

Oh, don’t get me wrong, please!

For me it is a security hole. No matter which application you take.

I never said named applications being secure … :->