Writable piwik.js — other ways to do it

Hello, piwik developers!

Since version 3.0, it’s recommended to make the piwik.js file writable, because some plugins want to add code to it, and even “in future releases core features may not work”.

But it’s insecure, isn’t it? The whole idea of Piwik instead of GA or something else (in my case at least) is that I can control everything — data collected, scripts served to clients. The major idea of not using GA was “it’s insecure to download some unknown js file from google and run it in our clients’ browsers”. And now you are suggesting to make piwik.js writable. So any plugin can add something to a file which is served to all our clients. Or any attack now seems more dangerous, because there are more chances to add some code to piwik.js.

Can’t you create some alternative way of updating piwik.js for paranoid users? For example, some kind of “core:update” console tool. So I can update Piwik (or install a plugin), then grant write permissions to piwik.js, execute some tool “core:updatePiwikJs” and make the file read-only again. In this case I can also make a copy of the js file before executing the update and then compare the files to make sure nothing unexpected was added.

Only plugins you’ve installed and therefore already “trust”

[quote]
Can’t you create some alternative way of updating piwik.js for paranoid users? For example,
[/quote]

That’s the case already :+1:

$ ./console help custom-piwik-js:update
Usage:
 custom-piwik-js:update [--source-file="..."] [--target-file="..."] [--ignore-minified]

Options:
 --source-file         Absolute path to source PiwikJS file. (default: "/home/matt/dev/piwik-master/js/piwik.min.js")
 --target-file         Absolute path to target file. Useful if your /piwik.js is not writable and you want to replace the file manually (default: "/home/matt/dev/piwik-master/piwik.js")
 --ignore-minified     Ignore minified tracker files, useful during development so the original source file can be debugged
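
The review-before-install workflow asked for in the first post, built on the `--target-file` option shown in the help output above, as an added example that is not part of the thread or Piwik's own code. The function names and the console and file paths passed to them are assumptions; seeding the staging file from the live one is a precaution in case the command expects an existing writable target.

```shell
#!/bin/sh
# Added example, not Piwik's own code. Paths are supplied by the caller, e.g.
#   stage_tracker ./console "$PWD/piwik.js" "$PWD/tmp/piwik.js.new"   (constructed paths)

# Build the new tracker into a staging copy; the live piwik.js is not touched.
stage_tracker() {   # usage: stage_tracker <console> <live> <staged>
    console=$1; live=$2; staged=$3
    # Seed the staging file from the live tracker so the target exists and is writable.
    cp "$live" "$staged" && chmod u+w "$staged" || return 1
    "$console" custom-piwik-js:update --target-file="$staged"
}

# Print what the update would change. Returns 0 when the files differ, 1 when identical.
review_tracker() {  # usage: review_tracker <live> <staged>
    if cmp -s "$1" "$2"; then
        echo "no change to tracker"
        return 1
    fi
    diff -u "$1" "$2" || true   # diff exits 1 on differences; that is the expected case
    return 0
}

# Install a reviewed staging file: back up, open the write window, copy, close it.
install_tracker() { # usage: install_tracker <live> <staged> <backup>
    live=$1; staged=$2; backup=$3
    cp -p "$live" "$backup" || return 1
    chmod u+w "$live" || return 1
    cp "$staged" "$live"; rc=$?
    chmod a-w "$live"           # read-only again even if the copy failed
    [ "$rc" -eq 0 ] && cmp -s "$staged" "$live"
}
```

Run `stage_tracker` and `review_tracker` after every core update or plugin install, and call `install_tracker` only once the diff contains nothing unexpected; the live file is writable only for the duration of the copy.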