Solved: Re: QVD files store connection string in plain tex... - Page 5 - Qlik Community

pljsoftware · ‎2011-12-06

Hi all!

I have noticed a very strange thing using QVD files... Inside the file, I can read in plain text my QlikView script, including the connection string with password!

How it can be possible?

Anonymous · ‎2011-12-14

Here is a message I just received from QV Support:

"I have looked into this issue, and I can not say that is fixed as of yet in SR4. There is a bug open for SR3, and has been reproduced by our R&D. I will ask around to see if I can find more information on it, and will get back to you as soon as possible."

I will let you know if I hear anything else.

JS

Clever_Anjos · ‎2011-12-15

Hello jsomem

We identified this issue 2 months ago on a SR3 server.

We upgraded our server last week to SR4 and the problem seems to be solved

to us.

All user/pass combination was replaced by a ""

Provider=OraOLEDB.Oracle.1;

Persist Security Info=False;

Data Source=ORAPRD;

Extended Properties=""

Atenciosamente,

Cléver Anjos

Assessoria

clever@swb.com.br

9992-8765 / 3291-6618

(Embedded image moved to file:

pic16158.gif)SWB

SWB Soluções Integradas Ltda | Av. Cesário Alvim, 2258 - CEP: 38400-696

- Uberlândia-MG Brasil - www.swb.com.br

As informações contidas neste e-mail e quaisquer documentos nele anexados

podem ser particulares e são propriedade confidencial da SWB Soluções

Integradas. Se você não for o destinatário ou se recebeu esta mensagem

irregularmente ou por erro, por favor, apague o e-mail e avise o

remetente o mais rápido possível. Este e-mail não pode ser divulgado,

armazenado, utilizado, publicado ou copiado por qualquer um que não o(s)

seu(s) destinatário(s).

From: jsomsen <qliktech@sgaur.hosted.jivesoftware.com>

To: Clever Anjos <clever@swb.com.br>

Date: 14/12/2011 20:11

Subject: - Re: QVD files store

connection string in plain text!

Miguel_Angel_Baeyens · ‎2011-12-15

Hi,

I have been testing extensively using SR4 of version 10, and it does not happen when the document is created o reloaded using this version, as I mentioned in my posts above (see EDIT2). Using this same version, are you still seeing the passwords plain text?

Regards,

Miguel

flipside · ‎2011-12-15

On the issue with NTNAMEs being displayed in the QVW, this is caused by checking the document level properties setting "Filter AccessPoint Document List Based on Section Access" on the Server tab. Sort of makes sense but can't see why it isn't encrypted. If this is unchecked, it removes the entries when the file is saved. Probably the wise thing to do if sharing the actual document.

flipside

Report Inappropriate Content · ‎2011-12-19

All,

We are currently investigating this issue - both in terms of how best to resolve the issue and what versions of QlikView are impacted.

I will update this thread when I have more information.

Thanks

Chris Furlong

Senior Director, Product Management

Anonymous · ‎2011-12-19

Chris, We have upgraded to QV10 SR4 and it appears to have fixed the password issue. We (especially our Security Administrators) look forward to seeing what QV has to say about a complete fix.

Thanks,

JS

pljsoftware · ‎2011-12-19

Hi,

I have updated to QV10 SR4 too but I see in QVD my script and the connection string without password but with QV9 SR7 in QVD files I see only the data and nothing more.

Regards

Luca Jonathan Panetta

PLJ Software

Anonymous · ‎2011-12-20

I just got a message from Support that QV10 SR4 does fix this issue.

Thanks,

JS

rbecher · ‎2011-12-20

No, it's not!

SR4 is not fixing all issues with connection strings in QVD files..

- Ralf

Astrato.io Head of R&D

s_uhlig · ‎2011-12-20

Vielen Dank für Ihre Nachricht.

Ich bin vom 19.12.2011 bis 02.01.2012 nicht erreichbar. Bitte beachten Sie, dass Ihre E-Mail in dieser Zeit nicht weitergeleitet bzw. bearbeitet wird.

Vielen Dank für Ihr Verständnis.

Mit freundlichen Grüßen

Sven Uhlig