Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
andy
Partner - Creator III
Partner - Creator III
‎2014-06-20 12:19 AM

How to protect sensitive data?

Hi folks,

I'm building an app that holds sensitive data. No one except the end users should be able to view that data. Not the ones having access to the qvd or qvw files. Not me as the developer either. Then the qv-admins cannot be blamed if there is a leakage.

So the source data will be encrypted with a key, stay encrypted within the qvd. Then I guess the data has to remain encrypted in the qvw (or should I use sectionaccess but then I will get access as the developer or?) and when the user opens the app there is an inputfield to put the key which should decrypt the data. I've seen examples with decrypt-macros. Am I approaching this correctly? Possible with an enterprise tool like Qlikview?

/Andy

Andy

4,265 Views
0 Likes
10 Replies
ashfaq_haseeb
Champion III
Champion III
‎2014-06-20 04:30 AM

Hi for Application point of view you can g with section access.

But Qvd level encryption is not supported.

Hope it helped.

Regards

ASHFAQ

1,484 Views
0 Likes
jagan
Luminary Alumni
Luminary Alumni
‎2014-06-20 04:36 AM

Hi,

I think you cannot encrypt and decrypt data from QVD.  You can restrict the access in Qlikview files with Section access.  You can maintain two environments one for development and other for production, usually developers work on development environment and Qlikview administrator have access to Prod environment.

This way you can restrict, only Qlikview admin has full access to the files.

Regards,

Jagan.

1,484 Views
0 Likes
Colin-Albert
MVP
MVP
‎2014-06-20 04:41 AM

In response to ashfaq_haseeb

Any user who can get a copy of the QVD data can read it either through QV Personal Edition or via third party QVD tools. QVDs are not a secure way of holding data.

Section access can restrict which users can view the data when using QlikView, but the developers will need access to the data to be able to develop and test the application.

The folders & files where the QVD data is held must be secured using AD file permissions so that access is only granted to the QlikView service account and developers when required. The developer permissions can be removed , or the developer account disabled when development is not taking place


1,484 Views
0 Likes
Gysbert_Wassenaar
MVP
MVP
‎2014-06-20 05:00 AM

No, that's not possible.


talk is cheap, supply exceeds demand
1,484 Views
0 Likes
andy
Partner - Creator III
Partner - Creator III
‎2014-06-20 10:21 AM
Author

In response to Gysbert_Wassenaar

Off course it is possible, everything is possible. You add a macro with

your favourite encryption algorithm, you can call the macro either from

script or from gui. If you don't know the answer, do not say it is

impossible.

I was just interesting in findings from people who have done this. Here is

an example

https://medium.com/@justin_skaggs/encryption-in-qlikview-54aedfba6f0e

Me as a developer do not need the true data to develop but can use testdata.

The qlikview administration can access the files so that is why the data

must be worthless to them, encrypted. Just like storage of passwords on any

website.

1,484 Views
0 Likes
Gysbert_Wassenaar
MVP
MVP
‎2014-06-20 10:27 AM

In response to andy

The developer has access to the load scripts where the encryption or decryption takes place. One of your requirements is that the developer has no access to the unencrypted data. Same for admins, but system admins will have access to the documents that contain the unencrypted data that are deployed on the qlikview server.

No one except the end users should be able to view that data.

That requirement cannot be met with Qlikview to the best of my knowledge.


talk is cheap, supply exceeds demand
1,484 Views
0 Likes
andy
Partner - Creator III
Partner - Creator III
‎2014-06-20 05:07 PM
Author

In response to Gysbert_Wassenaar

In all cases where encryption takes place the developers never have access

to the unencrypted data. Think of such a simple case as your password here

at qlik, no developer can read it out since you have the key to the

encryption. You can replace it but never retrieve it in clear text

In the scenario I think of the qlikview script fetches encrypted data which

only the end user knows the key to, stores the encrypted data in a qvd,

just as any data, then the qvw presents the encrypted data, just as any

data and the end-user can enter his key in an input variable and trig the

decrypt macro to get back the true data. I think that should be possible

and have to do a proof of concept

Cannot believe I'm the first one with that use case and Qlikview

1,484 Views
0 Likes
Anonymous
Not applicable
‎2015-02-24 08:46 PM

In response to Gysbert_Wassenaar

You can use Hidden Script.

1,484 Views
0 Likes
Anonymous
Not applicable
‎2015-02-24 08:48 PM

In response to jagan

Of course you can Encrypt and Decrypt QVD.

1,484 Views
0 Likes