Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Nov 6, 2023 5:44:18 AM
Jul 9, 2020 5:44:39 AM
As part of the agreement of granting a customer offline license usage, the customer is required to regularly upload User Assignment log files. This essentially replicates the user assignment data which is sent to Qlik in a manual process.
Qlik Sense Enterprise on Windows
QlikView
Licensed with a long term offline license.
⚠️ FYI: All information regarding user subject (user information) is hashed using SHA256 to prevent Qlik from accessing the original data. (The information is encrypted both in transit and at rest). ⚠️
Data Element |
Comment |
Sample Data |
Signed License Key |
|
See above |
Allotment name |
Professional / Analyzer |
“professional” |
Subject |
Domain / User ID; |
“acme\bob” user name included in hashed form in the log files and will show as something like: “a24a2f2b67c5e051bcb6cd2d7a9f7ebe” |
User agent |
Build by the License service version (operating system) and Product (e.g. QSEfW, QCS, QSEfE, ADBI, Qlik Core, QV) |
Licenses/1.6.4 (windows) QSEfW |
Source |
Hashed ID to make each deployment unique, e.g. a Qlik Sense Enterprise on Windows and a Qlik Sense Enterprise on Kubernetes will have different Source ID's |
fbe89d02-6d24-4595-915e-c52ce76f2195 |
Sync metadata |
Versioning information about the subjects and list of subjects to manage the synchronization process. |
{ "source": "my assignments", |
which type of hash are used when encrypted subject and source ?
Hello @paivanov - let me see if we can get that information 🙂
Hello @BMazurekDND - let me review your questions with our SMEs.
Hello @BMazurekDND
The algorithm used cannot be shared. But as for your second question:
For context, a significant portion of offline users are likely to be high security installations...think intelligence, military, diplomatic, law enforcement, etc.
When there are many secure cryptographic hashing functions available, you seem to be implying that Qlik chose to invent their own algorithm (which is a red flag to such clients).
What can you say to give these clients confidence that Qlik is treating their information securely? (Aside from "trust us" assurances...)
Absolutely understood, @BMazurekDND. Let me reach out to the responsible teams and get back to you.
Hello @BMazurekDND - We updated the article with the hashing function being used (SHA256).
Thank you, Sonja.
1. Does the Data Element "Sync metadata" contain sensitive information other than the user ID?
2. Will the contents of the Data Element "Sync metadata" be encrypted in the same way as the Data Element "Signed License Key" and "Subject"?
It seems to me that the "license" and "subject" values in Sample Data are not encrypted.