Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
ansalunkhe
Contributor
Contributor

Use form object in the URL instead of query string

We are building an enterprise app and do not want to pass parameters that are visible in the URL. Is there an alternative where the parameters can be hidden? Or can a form object be used instead of query string  in the URL parameter?

Currently, the query string is being sent as part of the URL. We do not want anyone to gain access to any location where URLs are stored and be able to view sensitive information passed via the query string.

4 Replies
Miguel_Angel_Baeyens

Try Open QlikView Document in the action instead of opening via URL. Note that in this case the target document must have the fields which selections you want to pass, else the target document will be open with whatever selections was last saved.

Alternatively, you can use Bookmarks, which although will be visible in the URL, they will look like

http://server/path/opendoc.htm?document=app.qvw&bookmark=Document\BM25

which does not provide any hint on what actually "BM25" stores.

On a different note, for QlikView, URLs with certain parameters are accepted by design. If you don't want it to work that way, you will need to introduce rewrite rules in the web server to avoid users to use parameters in URLs.

Additionally, if security is well in place by whatever folder and file permissions must be applied, and with the use of Section Access, no user will be able to see data they shouldn't see even if they know how to create a URL with these parameters.

ansalunkhe
Contributor
Contributor
Author

@Miguel_Angel_Baeyens 

Thanks for the input.

Can you elaborate on the security of opendoc.htm?

I read one of the solutions could be to use 'POST'. However, that does not seem to a solution with accesspoint.

Miguel_Angel_Baeyens

Do you mean Open QlikView Document in actions or opendoc.htm?

Open QlikView Document action will take the permissions from the user opening QlikView, if the user is allowed to open the file, will do so, else it will get an error. Same applies with section access if it is implemented in both the source and target file.

opendoc.htm is OK as it is already, you needn't change its security.

Brett_Bleess
Former Employee
Former Employee

Anushree, Miguel is definitely on the right track, I just wanted to follow-up with Help link in case you did not find that regarding the Action he mentioned.  Just scroll down a bit on the following link result, and you will find the Actions section describing everything that is available there.  If Miguel's posts got you what you needed, be sure to click the Accept as Solution on the one(s) that best helped.  If you did something else, please consider sharing that so others will know what you did, and you can mark that as the solution after you post, just FYI.

https://help.qlik.com/en-US/qlikview/April2019/Subsystems/Client/Content/QV_QlikView/Button2.htm

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.