Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2025: 3 days of full immersion in data, analytics, and AI. May 13-15 | Orlando, FL: Learn More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2014-10-21 09:58 AM

Allow unsafe macro execution on server

Hi,

Could anyone please explain what is the consequence of "Allow unsafe macro execution on server" , what are the real threats to business data base, is it good or bad thing to have?

The problem is we have to activate this option in order to be able to run macros on server.

Your reply is much appreciated.

Thank you.

1,440 Views
0 Likes
4 Replies
datanibbler
Champion
Champion
‎2014-10-21 10:07 AM

Hi Eugen,

I'm not so much into system_administration, but it depends on whether you have to check this on the QlikViewServer or on the actual server? I'm not sure about that.

Anyway, macros (that can easily be hidden in Office files, for ex.) are in general one of the main security threats to server_systems, which is exactly why they are usually prohibited by admins.

Best regards,

DataNibbler

665 Views
Not applicable
‎2014-10-21 10:26 AM
Author

In response to datanibbler

This has to be checked on QV server.

I understand the problem with macros in Word/Excel. but what about QV?

There a re 2 options available: "Allow macro execution on server" and "Allow unsafe macro execution on server" , my question is how does system know what is safe and what is unsafe macro? How can even execute unsafe macro? where can I get one of that?

665 Views
0 Likes
datanibbler
Champion
Champion
‎2014-10-21 10:35 AM

In response to

Hi,

an unsafe macro is one that could potentially contain harmful code to harm your soft- or hardware.

When you check this on QlikViewServer, some other developer could build a macro and just plug it into one of your apps without you knowing and cause all sorts of havoc in your software system by doing whatever a macro can do.

I guess, even if a macro within QlikView has access only to the functions QlikView can execute, using the EXECUTE command, you could still do some mischief ...

How the system pretends to know what is an unsafe macro and what is not, I don't know.

665 Views
0 Likes
kuba_michalik
Partner - Specialist
Partner - Specialist
‎2014-10-21 02:43 PM

In response to

Unsafe macro in the context of QlikView is one that makes use of CreateObject(...) statement, for example to get access to the filesystem. Safe macro is one that only accesses objects and properties derived from the ActiveDocument special QlikView object.

That's my experience at least - don't treat it as gospel 😉

665 Views
0 Likes