QVD/QVW files store connection string in plain tex... - Qlik Community

rbecher · ‎2011-12-11

Hi all,

I want to mention this thread which describes a serious security issue:

This is happen at least with QV10 SR3.

I would encourage all of you to update to version 10 SR4.

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

rbecher · ‎2011-12-12

To keep it short, to remove the password:

1. affected QVW files must be opened and saved with QV10 SR4, a reload is not needed

2. affected QVD files must be recreated (stored) with QV10 SR4

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

rbecher · ‎2011-12-14

Web file sources (URLs) are also affected!!

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

rbecher · ‎2011-12-14

Also section access and hidden script is affected!!

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

rbecher · ‎2011-12-26

There will be a fix next week:

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

QVD/QVW files store connection string in plain text!