Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Allow unsafe macro execution on server

Hi,

Could anyone please explain what is the consequence of "Allow unsafe macro execution on server" , what are the real threats to business data base, is it good or bad thing to have?

The problem is we have to activate this option in order to be able to run macros on server.

Your reply is much appreciated.

Thank you.

4 Replies
datanibbler
Champion
Champion

Hi Eugen,

I'm not so much into system_administration, but it depends on whether you have to check this on the QlikViewServer or on the actual server? I'm not sure about that.

Anyway, macros (that can easily be hidden in Office files, for ex.) are in general one of the main security threats to server_systems, which is exactly why they are usually prohibited by admins.

Best regards,

DataNibbler

Not applicable
Author

This has to be checked on QV server.

I understand the problem with macros in Word/Excel. but what about QV?

There a re 2 options available: "Allow macro execution on server" and "Allow unsafe macro execution on server" , my question is how does system know what is safe and what is unsafe macro? How can even execute unsafe macro? where can I get one of that?

datanibbler
Champion
Champion

Hi,

an unsafe macro is one that could potentially contain harmful code to harm your soft- or hardware.

When you check this on QlikViewServer, some other developer could build a macro and just plug it into one of your apps without you knowing and cause all sorts of havoc in your software system by doing whatever a macro can do.

I guess, even if a macro within QlikView has access only to the functions QlikView can execute, using the EXECUTE command, you could still do some mischief ...

How the system pretends to know what is an unsafe macro and what is not, I don't know.

kuba_michalik
Partner - Specialist
Partner - Specialist

Unsafe macro in the context of QlikView is one that makes use of CreateObject(...) statement, for example to get access to the filesystem. Safe macro is one that only accesses objects and properties derived from the ActiveDocument special QlikView object.

That's my experience at least - don't treat it as gospel 😉