Qlik Community

Ask a Question

QlikView Administration

Discussion Board for collaboration on QlikView Management.

Announcements
Join this live chat April 6, 10AM EST - QlikView to Qlik Sense REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Potential cross site redirection issue?

Hi All,

I'm new to QlikView and have just setup a server instance. I'm using NTLM authentication with Authentication set to "Always" and the login address set to "Alternate Login Page (web form)".

I notice that if I supply users with a crafted URL, e.g. http://xxx.yyy.zzz/qlikview/logout.htm?login=http://www.google.com the login link on the subsequent page gets redirected to www.google.com.

Is there any way to circumvent this as it's being flagged as a security risk.

Many thanks.

0 Replies