Solved: Re: QVD files store connection string in plain tex... - Page 3 - Qlik Community

pljsoftware · ‎2011-12-06

Hi all!

I have noticed a very strange thing using QVD files... Inside the file, I can read in plain text my QlikView script, including the connection string with password!

How it can be possible?

pljsoftware · ‎2011-12-12

Hi Clever,

do you know what is the number of bug? I want to be sure that it is fixed in QV 10 SR4.

Regards

Luca Jonathan Panetta

PLJ Software

Clever_Anjos · ‎2011-12-12

It was

80936

This number does not appear in fixlist, but the problem was solved (we updated our server last thursday and it´s ok now)

rbecher · ‎2011-12-12

Btw. it is enough to open the QVW file with QV10 SR4 and save it to remove the password.

A new (re)load is not necessary.

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

Clever_Anjos · ‎2011-12-12

Well, we´re talking about QVD files, I think it´s necessary to reload to create the QVD files again.

rbecher · ‎2011-12-12

Of course, how else they could change...

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

luciancotea · ‎2011-12-12

I believe you noticed that the problem is/was also present in QVW's.

rbecher · ‎2011-12-14

This getting me a headache (QV10 SR4)...

If you work with web file sources (URLs, like in QVSource) all the previous called URLs are stored in the QVD (in all QVDs, not table specific):

<Discriminator>http://api.twitter.com/1/users/show.xml?screen_name=@QlikView</Discriminator>

...

<Discriminator>http://localhost:5555/QVSource/IndustrialCodeBox_KloutConnector/?table=KloutScore&TwitterId=QlikView...</Discriminator>

...

<Discriminator>http://localhost:5555/QVSource/DLS_TwitterConnector/?table=Search&since_id=&searchTerm=%40QlikView -RT</Discriminator>

Hopefully you have not used a user/password in the URL in this way:

http(s):// username : password @ server / resource . ext

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

pljsoftware · ‎2011-12-14

Hello Ralf,

I use the Geocode Google service to have latitude and longitude by an address.

<Discriminator>http://maps.googleapis.com/maps/api/geocode/xml?address=Australia,AU&language=it&sensor=true</Discriminator>

</LineageInfo>

Can I disable the store of URLs in QVD?

Regards

Luca Jonathan Panetta

PLJ Software

rbecher · ‎2011-12-14

Hi Luca Jonathan,

as far as I know this is not possible. There should be an option in the STORE command to switch off storing this meta data mess in a QVD data file. Maybe you can submit a support case?

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

rbecher · ‎2011-12-14

As this comes out of a hidden script I think this is a kind of data leakage. Who knows what ever comes out..

- Ralf

Data & AI Engineer at Orionbelt.ai - a GenAI Semantic Layer Venture, Inventor of Astrato Engine

QVD files store connection string in plain text!