Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
fabio_ribeiro
Partner - Creator
Partner - Creator

Shared Session URL

Hi all.

Someone know how to hide a host information in URL when we shared a session?

http://localhost/QvAJAXZfc/opendoc.htm?invite=240C5BB758AADDC5C0060E079D759A7EC7F9F20F&anonymous=&ho...

&host=SVRLAB02 can't be displayed by security reasons.

5 Replies
Peter_Cammaert
Partner - Champion III
Partner - Champion III

Unfortunately, this parameter is required whenever you need to direct opendoc.htm to a QVS that isn't residing on localhost. AFAIK that's the case for every user that clicks the link in an email message on his/her desktop/laptop.

Why is server SVRLAB02 a secret? Does nobody know where the QlikView documents are hosted? Or is this security elevated because you are dealing with external users that may know about the AP host but everything else should be hidden?

Peter

fabio_ribeiro
Partner - Creator
Partner - Creator
Author

Hi Peter, how are you?

In this example I took a internal link only to illustrate the problem, the server from which I'm referring is a Government server, and it will be accessed internally and externally too.

This point of view the server name publicly on the internet is a matter of information security.

Peter_Cammaert
Partner - Champion III
Partner - Champion III

Hmmm, I don't know for sure, but I don't think it's possible to change the URL that is embedded in a Shared Session invitation.

You could rewrite opendoc.htm so that it doesn't need the host=XYZ parameter anymore by hardcoding the default destination in that file. But that still doesn't change the invitation URL.

I guess Alexander Karlsson‌ can tell us more about this issue. Not sure if he's still available. Let's try.

Peter

Alexander_Thor
Employee
Employee

As far as I know you can’t modify the invite url but it has been a while since I last looked at it.

But if revealing the hostname is a issue I would be careful anyhow, don’t we leak that information through the document info menu anyhow?

Alexander Karlsson

Developer Relations Engineer

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

Leigh_Kennedy
Employee
Employee

It only shows the short host name, not the FQDN. Thinking outside the Square, why not just make sure the host name doesn't identify the server from outside.  i.e. if the server name is ABC123 then that will mean nothing unless people are on your network.  If its an internal IP address, it won't resolve externally if someone tries to work it out.