Bypassing Qlikview Security -it's easier than you think.

Thu, 14 Apr 2011 18:10:32 GMT

I have found an easy way to bypass all security in Qlikview 10 be it NT Username, NTSID or username and password.

I stumbled upon this method when being locked out of section access in a training class. It took me only 5 minutes to find this exploit not through Google, it's not published just by poking around.

It takes a hacker but not much of one to get around the security. The only access you need is the ability to open the QVW in the server as a regular user from the thick client not a browser. If the document is not published for you this method won't work unless you can get your hands on the QVW itself, but if you are a user who lets say can't see salary information because it's restricted or reduced in section access this method will completely ignore all security.

Are you guys concerned about this?

If you don't believe me send me a QVW restricted with section access and I will return it with the section access commented out.

I am concerned but not so much for my user community. Even if Qliktech fixes this moving forward it won't fix things unless the new QVW's cannot be opened in Qlikview 10.

Out of respect for Qliktech I won't publish how to bypass the security but will discuss it with Qliktech if they want.

Bypassing Qlikview Security -it's easier than you think.

rwunderlich — Thu, 14 Apr 2011 18:32:46 GMT

Please do report this issue and the details to Qliktech support. Thanks.

topic Bypassing Qlikview Security -it's easier than you think. in QlikView

Bypassing Qlikview Security -it's easier than you think.

Bypassing Qlikview Security -it's easier than you think.