Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
pljsoftware
Creator III
Creator III

QVD files store connection string in plain text!

Hi all!

I have noticed a very strange thing using QVD files... Inside the file, I can read in plain text my QlikView script, including the connection string with password!

How it can be possible?

66 Replies
Not applicable

Only a quick question in the similar direction. The same safety issues occured when using the -prj subfolders for version control. There passwords were also stored in plain text in the xml files. Has this been fixed as well ?

Regards

Christian

Not applicable

Henke,

This is not related, this is the expected behaviour in the prj folders:

In the prj files it is stored as it is stored in QV i.e. if the script is in clear text and if the script includes the connection string without scramble then it is unscrambled in the prj file but if it is scrambled then it is scrambled in the prj.

All of the hidden script part is scrambled so if this is used it is not readable.

Not applicable

I am using QV10SR3.

I make an oracle connection with scrambled credentials in the script,

bug1.jpg

than I go to the -prj folder and double click on DocProperties.xml the file opens in InternetExplorer showing the full xml outline. At the end you have a section Lineage, LineageInfo, Discriminator where the log in is visible in clear text !!

bug2.jpg

Is this issue solved as well ?

Christian

pljsoftware
Creator III
Creator III
Author

Hi Christian,

I don't know if this issue is solved in your case but why don't you install QV10SR4 and try it?

Regards

Luca Jonathan Panetta

PLJ Software

Not applicable

What does Luca get for discovering the bug? A t-shirt at least?

pljsoftware
Creator III
Creator III
Author

Ahahah!!!

Good idea Juan.

Thanks to sponsoring me

Not applicable

In QV 11 IR, the whole Lineage section (including LineageInfo and Discriminator) seems to be removed from DocProperties.xml.