https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060844#M4527 <HTML><HEAD></HEAD><BODY><P>Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, dont use.</P></BODY></HTML> Tue, 03 May 2016 17:12:16 GMT 2016-05-03T17:12:16Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060843#M4526 <HTML><HEAD></HEAD><BODY><P>Does Qlik verify the contributions or projects on Qlik Branch? If not, is there a way for Qlik users to certify that particular extensions are safe or do not have glaring vulnerabilities? Some of our clients are concerned about allowing unverified third-party Javascript packages to run on their servers.</P><P></P><P>Thanks in advance.</P><P></P><P>Cheers,</P><P>Andrew</P></BODY></HTML> Tue, 03 May 2016 07:38:08 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060843#M4526 2016-05-03T07:38:08Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060844#M4527 <HTML><HEAD></HEAD><BODY><P>Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, dont use.</P></BODY></HTML> Tue, 03 May 2016 17:12:16 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060844#M4527 2016-05-03T17:12:16Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060845#M4528 <HTML><HEAD></HEAD><BODY><P>Maybe also have a look at Alexander's comment here:</P><P><A href="https://community.qlikview.com/thread/204479" title="https://community.qlikview.com/thread/204479">Can extensions carry security risk? | Qlik Community</A></P></BODY></HTML> Tue, 03 May 2016 17:22:17 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060845#M4528 swuehl 2016-05-03T17:22:17Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060846#M4529 <HTML><HEAD></HEAD><BODY><P>Hey Andrew,</P><P></P><P>As other poster stated I would recommend _everyone_ to verify the source code on their own.</P><P>You wouldn't copy / paste a load script from a page on the internet into your app and the same rule of thumb should go for Extensions.</P><P></P><P>Now with that said, since extensions are just normal objects the usual section access and security rules apply so a extension can't access anything apart from what the user is allowed to see. We also do checks for click-jacking and obvious malicious code for the projects posted on Branch.</P></BODY></HTML> Wed, 04 May 2016 16:48:45 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Branch-Extension-Security-Verification/m-p/1060846#M4529 Alexander_Thor 2016-05-04T16:48:45Z