Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

SiteMinder and retrieving images from Oracle

I've put this up as a question as someone out there may have a solution to the issue.

I am working on a project that use QlikView to display data stored in an Oracle database. The data consists of text, numbers and images stored in BLOB tables. In the development environment everything works perfectly all the data is retrieved when the QlikVIew instance on the server is refreshed, and all the images display as they should.

Having finished the development work, I need to move into the QA, UAT & Prod platforms which are far more locked down. Putting the working dev code into the QA environment along with the Oracle database, the images no longer display, all that is returned is the <qmem ......> text.

The reason for this happening, and the reason why I have posted this in the security forum, is the SiteMinder configuration on the QlikView server. In order to ensure that no cross site scripting can take place, the flag 'CSSChecking' is set to 'YES'. This has the effect of blocking the characters listed in the 'BadCSSChars' flag which include '<' and '>', hence when the QlikView code in the browser is refreshed the '<qmem ....>' requests are blocked from reaching the QlikView server. Organisational policy means that we are not allowed to change either of these flags in non-development environments, (hence why it works in dev), and therefore we are having to down grade the presentation in order to avoid using the images.

If anyone has any suggestions as to how we can get round this problem, or if there is an update to the next version of QlikView this would be very useful.

Thanks,

Pete.

4 Replies
Fredrik_Lautrup
Employee
Employee

This is a known issue that will be fixed in a future SR. But right now I can't say which, so keep a lookout in the release notes of upcoming service releases.

Fredrik

Not applicable
Author

Thanks Fredrik.

Bill_Britt
Former Employee
Former Employee

Hi,

The issue is that the images uses the double // and siteminder reject these by default. If you look at Fiddler trace you will see:

GET
/QvAjaxZfc/QvsViewClient.aspx?datamode=binary&name=qmem%3A//%3Cbundled%3E/BuiltIn/led_r.png&host=Local&slot=&stamp=CHYD.O6%3DY%3FF7%3B2%3EH4%28F%23S0&view=test.qvw&width=92&height=12&stretchmode=2&adjust=left

Notice the red // this is what is causing the issues. If you set Siteminder to allow the // things will work fine.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author