Qlik Community

Connectivity & Data Prep

Discussion board where members can learn more about Qlik Sense Data Connectivity.

cancel
Showing results for 
Search instead for 
Did you mean: 
erhardt_dekock
Contributor III
Contributor III

REST connector PaySpace - hide credentials

Hello

We have integrated with PaySpace (Salary and employee data) using a Soap REST connector.

The data connector uses * as username and password just to have the connection setup.

The real credentials used for this connector is contained in the Body, which is in the script of the app.

We have section access setup to the app, which protects the credentials in the script.

The issue is that these credentials show in the log file once reloaded, which is then visible to all developers.

Is there a way to encrypt these credentials or hide them?

Any suggestions are welcome

Labels (1)
1 Solution

Accepted Solutions
Gysbert_Wassenaar

Sorry, but that's incorrect.  If you can duplicate the app you can always open the app without data and then you can see the script.


talk is cheap, supply exceeds demand

View solution in original post

5 Replies
Gysbert_Wassenaar

I don't understand your problem. Section Access has zero influence on who gets to see what's in the script or not. If your developers have access to the load script then they can see anything that's in the script. They won't need to see the reload logs for that. So, I don't understand what your describing. Could you explain?


talk is cheap, supply exceeds demand
erhardt_dekock
Contributor III
Contributor III
Author

Without being included in the section access you can not see the script of an QlikSense app. The developers who are not suppose to see the script is not included in the section access. Even if they duplicate the app, they won't be able to open it.

Gysbert_Wassenaar

Sorry, but that's incorrect.  If you can duplicate the app you can always open the app without data and then you can see the script.


talk is cheap, supply exceeds demand
erhardt_dekock
Contributor III
Contributor III
Author

Excellent to know Gysbett, thank you.
Will have a chat to our Qlik Partner in the new year. Have removed the app from the QMC for now.
Still looking for a solution, but will create another post.
Gysbert_Wassenaar

It's really very simple. If you don't trust your developers then don't give them access to the data. Create a separate app that loads the data, anonymizes the data and store that data in qvd files. Then let your developers create apps using only the anonymized data. When they're done developing you can take those apps away from them and load them with real data. Make sure those untrustworthy developers can't duplicate those apps.


talk is cheap, supply exceeds demand