How to protect sensitive data? - Page 2 - Qlik Community

andy · ‎2014-06-20

Hi folks,

I'm building an app that holds sensitive data. No one except the end users should be able to view that data. Not the ones having access to the qvd or qvw files. Not me as the developer either. Then the qv-admins cannot be blamed if there is a leakage.

So the source data will be encrypted with a key, stay encrypted within the qvd. Then I guess the data has to remain encrypted in the qvw (or should I use sectionaccess but then I will get access as the developer or?) and when the user opens the app there is an inputfield to put the key which should decrypt the data. I've seen examples with decrypt-macros. Am I approaching this correctly? Possible with an enterprise tool like Qlikview?

/Andy

Andy

Anonymous · ‎2015-02-24

The best solution is :

1) On QVW - Edit Module create decrypt function with CryptoJS.

function decrypt(value) {

if(null==value||''==value) return '';

-----

return decryptedData.toString(CryptoJS.enc.Utf8);

}

Protected Edit Module with password on Document Properties.

2) Create a QVD dynamic with java / C# / C++

In java:

private static byte[] encryptBytes(final String s) throws Exception {

final Key key = new SecretKeySpec("KEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEYKEY", "AES");

final Cipher c = Cipher.getInstance("AES");

c.init(Cipher.ENCRYPT_MODE, key);

return c.doFinal(s.getBytes());

}

3) On Qlik - Edit Script

SELECT decrypt(column)....

from .... qvd

Protected Edit Script with password on Document Properties.

Notes:

* The null and empty column aren't encrypted.

* The qvd generation use Real Column hashcode() (java) to test repeated values on columns

because Crypt generate different values for same input.

* The speed decrease 10% or more depending number of columns encrypted.

This process is tested for a QVD with more than 100 millions records.