From 0963a38d179cc7fffdb8e78dac3b981e651cfd68 Mon Sep 17 00:00:00 2001
From: Thomas Steur <thomas.steur@gmail.com>
Date: Wed, 19 Aug 2015 12:38:21 +0000
Subject: [PATCH] added warning re debug_on_demand

---
 config/global.ini.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/global.ini.php b/config/global.ini.php
index 9fc7064a9b..71d3345436 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -570,7 +570,9 @@ use_third_party_id_cookie = 0
 debug = 0
 
 ; This option is an alternative to the debug option above. When set to 1, you can debug tracker request by adding
-; a debug=1 query paramater in the URL. All other HTTP requests will not have debug enabled.
+; a debug=1 query paramater in the URL. All other HTTP requests will not have debug enabled. For security reasons this
+; option should be only enabled if really needed and only for a short time frame. Otherwise anyone can set debug=1 and
+; see the log output as well.
 debug_on_demand = 0
 
 ; This setting is described in this FAQ: http://piwik.org/faq/how-to/faq_175/
-- 
GitLab