Extension talk:Gchart4mw

Security Issues
This is a great wiki extension for public wikis. However, if your wiki is intranet based you may be sending info out that is sensitive (because Google renders the image from a url that is not secured). So at the very least you are sharing your data with Google and also with any one who picks up the communication.

Even with this draw back this is still a useful extension for internal wikis, it just needs to be clear that the data being charted is heading out on the internet. I modified gchart4mw.php to include a warning label. Here is the changed code:

// - function gfLinesRender( $input, $args, $parser ) { global $gchartWikiDefaults; global $gchartLinesDefaults;

gfChartInit ; gfArgsParseCommon ($gchartWikiDefaults); gfArgsParseCommon ($gchartLinesDefaults); gfArgsParseCommon ($args);

$retval = '';

// Insert a dislamer caption $retval = ' ';

return $retval; }

function gfBarsRender( $input, $args, $parser ) { global $gchartWikiDefaults; global $gchartBarsDefaults;

gfChartInit ; gfArgsParseCommon ($gchartWikiDefaults); gfArgsParseCommon ($gchartBarsDefaults); gfArgsParseCommon ($args);

$retval = '';

// Insert a dislamer caption $retval = ' ';

return $retval; }

function gfPieRender( $input, $args, $parser ) { global $gchartWikiDefaults; global $gchartPieDefaults;

gfChartInit ; gfArgsParseCommon ($gchartWikiDefaults); gfArgsParseCommon ($gchartPieDefaults); gfArgsParseCommon ($args);

$retval = '';

// Insert a dislamer caption $retval = ' ';

This will render the image looking like this:

Dear Vaccano,

you are right! All data of the charts is being transmitted to google. And altough it is scaled to a value between 0 and 100 before sending, it might be a security concern for sensitive data.

If you don´t mind I would like to add a disclaimer like yours to the next release of this extension - maybe configurable with a parameter in LocalSettings.php?

sincerely

--Lef73 20:23, 23 January 2008 (UTC)

Sounds great to me! I look forward to using your updated version. --Vaccano 19:15, 28 January 2008 (UTC)