Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi all!
I have noticed a very strange thing using QVD files... Inside the file, I can read in plain text my QlikView script, including the connection string with password!
How it can be possible?
Here is a message I just received from QV Support:
"I have looked into this issue, and I can not say that is fixed as of yet in SR4. There is a bug open for SR3, and has been reproduced by our R&D. I will ask around to see if I can find more information on it, and will get back to you as soon as possible."
I will let you know if I hear anything else.
JS
Hello jsomem
We identified this issue 2 months ago on a SR3 server.
We upgraded our server last week to SR4 and the problem seems to be solved
to us.
All user/pass combination was replaced by a ""
Provider=OraOLEDB.Oracle.1;
Persist Security Info=False;
Data Source=ORAPRD;
Extended Properties=""
Atenciosamente,
Cléver Anjos
Assessoria
clever@swb.com.br
(Embedded image moved to file:
pic16158.gif)SWB
SWB Soluções Integradas Ltda | Av. Cesário Alvim, 2258 - CEP: 38400-696
- Uberlândia-MG Brasil - www.swb.com.br
As informações contidas neste e-mail e quaisquer documentos nele anexados
podem ser particulares e são propriedade confidencial da SWB Soluções
Integradas. Se você não for o destinatário ou se recebeu esta mensagem
irregularmente ou por erro, por favor, apague o e-mail e avise o
remetente o mais rápido possível. Este e-mail não pode ser divulgado,
armazenado, utilizado, publicado ou copiado por qualquer um que não o(s)
seu(s) destinatário(s).
From: jsomsen <qliktech@sgaur.hosted.jivesoftware.com>
To: Clever Anjos <clever@swb.com.br>
Date: 14/12/2011 20:11
Subject: - Re: QVD files store
connection string in plain text!
Hi,
I have been testing extensively using SR4 of version 10, and it does not happen when the document is created o reloaded using this version, as I mentioned in my posts above (see EDIT2). Using this same version, are you still seeing the passwords plain text?
Regards,
Miguel
On the issue with NTNAMEs being displayed in the QVW, this is caused by checking the document level properties setting "Filter AccessPoint Document List Based on Section Access" on the Server tab. Sort of makes sense but can't see why it isn't encrypted. If this is unchecked, it removes the entries when the file is saved. Probably the wise thing to do if sharing the actual document.
flipside
All,
We are currently investigating this issue - both in terms of how best to resolve the issue and what versions of QlikView are impacted.
I will update this thread when I have more information.
Thanks
Chris Furlong
Senior Director, Product Management
Chris, We have upgraded to QV10 SR4 and it appears to have fixed the password issue. We (especially our Security Administrators) look forward to seeing what QV has to say about a complete fix.
Thanks,
JS
Hi,
I have updated to QV10 SR4 too but I see in QVD my script and the connection string without password but with QV9 SR7 in QVD files I see only the data and nothing more.
Regards
Luca Jonathan Panetta
I just got a message from Support that QV10 SR4 does fix this issue.
Thanks,
JS
No, it's not!
SR4 is not fixing all issues with connection strings in QVD files..
- Ralf
Vielen Dank für Ihre Nachricht.
Ich bin vom 19.12.2011 bis 02.01.2012 nicht erreichbar. Bitte beachten Sie, dass Ihre E-Mail in dieser Zeit nicht weitergeleitet bzw. bearbeitet wird.
Vielen Dank für Ihr Verständnis.
Mit freundlichen Grüßen
Sven Uhlig