Google analytics on WordPress how_

  • klockheed · Member ·

    I’m not being hostile, I’m just saying that its crap. It is a cop-out, the easy way out. Rather than building a better system, they’ll just avoid the scary bits. That said, WordPress is free, fantastically simple to use, filled with blogging goodies, so its a small thing. To be honest, I’m mostly concerned about the attitude of the comments on this thread and others, “this has already been discussed… do a search…” etc. Folks seem more interested in defending the party line rather than actually helping users.

  • timethief · Member ·

    If you particular google analytics information about your blog in mind, although you haven’t mentioned specifics, you can request it.

    This is my understanding of wordpress.com. We are all on a shared multi-user blogging platform (over 800 thousand of us). And this is my understanding of why hosted WordPress can’t allow Javascript and still preserve security.

    Blogs are served from {name}.wordpress.com. The WordPress cookie is delivered to any site that ends in wordpress.com. Any Javascript on the page is legitimately allowed to look up cookies that would be sent to the domain it’s served from.

    This means that if you can run Javascript on a hosted WordPress page, then you can retrieve the login cookie from another WordPress user, and then pass it to an external site. (Generally by creating an image reference that includes the encoded login cookie.)

    This is just a basic part of the underlying technology of the web browser, and it’s required for sites like gmail, Yahoo! and others to operate.

    There are ways a site can avoid this problem (generally by constantly changing the login cookie data with EVERY response, and invalidating the old ones immediately), but they require more horsepower on the backend than the blogging sites are really able to provide, and there’s still usually a small window of opportunity for security to be violated.

    As I said before: if you particular google analytics information about your blog in mind, although you haven’t mentioned specifics, you can request it.

  • drmike · Member ·

    I’m not being hostile, I’m just saying that its crap.

    No, you’re being rude and insluting. Ends now.

    Just because you don’t understand the risks involved doesn’t mean that they don’t exist. We’re here trying to assist folks. You’re preventing us from doing so.

1 2
  • The topic ‘Google analytics on WordPress how_’ is closed to new replies.