Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
See why Qlik was named a Leader in the 2025 Gartner® Magic Quadrant™ for Augmented Data Quality Solutions: GET THE REPORT
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
swarup_malli
Specialist
‎2016-02-05 01:50 PM

Can extensions carry security risk?

Hi,

I found a couple of open source extension.But before installing them on the Qliksense server ,I want to make sure it does not contain any trojan program that could pose a security risk.

Any tips on how to look for malicious code in extensions?

2,462 Views
0 Likes
3 Replies
satishkurra
Specialist II
‎2016-02-11 02:06 PM

Make sure you are downloading from a trusted sites and the websites from Qlik Partners

Also you can refer Stephan Walther's website

qlikblog.at | QlikView / Qlik Sense Blog by Stefan Walther

1,840 Views
Alexander_Thor
Employee
‎2016-02-11 02:17 PM

So as a rule of thumb extensions poses as much security risk as browsing to Facebook.com, Google.com or any random web page on the web.

Extensions are client side technology, meaning it will execute within the sandbox that is the users browser, so it can't access anything on the server or outside the normal resources a browser can access on the local machine.

The potential risk you are running is that a extension could intercept the data from a app and then pipe that to a third party server somewhere. So I would scan for any outgoing connections such as xmlhttprequest, websockets etc

The Qlik cookies available to steal won't reveal anything special to the attacker apart from a session id which you can lock down with extended security in your virtual proxy.

1,840 Views
swarup_malli
Specialist
‎2016-02-16 09:16 AM
Author

In response to Alexander_Thor

Thank you guys! sorry for the late reply

1,840 Views
0 Likes
Top