Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
bradley_isaacs
Contributor II
Contributor II
‎2017-08-07 06:26 AM

Securing QVS files

Hey guys

Anyone know of a way to secure qvs files.  My end-goal is to protect my code from clients - not allowing them to see or edit the code. 

I currently  have the important pieces of code in qvs files.  And i dont want them to see or edit the code.  Including the code in hidden scripts works for log file purposes, but they can still get to the actual files if they want.

Any suggestions ?

2,052 Views
0 Likes
1 Solution

Accepted Solutions
gsbeaton
Luminary Alumni
Luminary Alumni
‎2017-08-07 08:45 AM

Hi Bradley,

It's actually very difficult to secure your QVS code.  There are various things you can do to try to obfuscate it but a bit like JavaScript and other client side scripting languages, nothing is really ever going to be secure against the determined snooper.

If your Qlik server can call out to the web, then consider making your QVS file web accessible.  You can either secure it by IP or, by using an API key.  Something like this would work:

//Hidden Script:




Sub GetQVS(apikey)


  $(Must_Include="https://mywebservice.com/LoadScript.qvs?"&apikey);


End Sub




//Application




SET apikey = dskfjflkjlsdsdlkjfdslkjfe;




CALL GetQVS($(apikey));

You can send your client a new API key every now and then and of course you can monitor access and secure by IP using traditional web security methods.

Oh, and of course, remember to set a password on your hidden script tab.

Hope that gets you started.

George

View solution in original post

1,631 Views
11 Replies
arvind_patil
Partner - Specialist III
Partner - Specialist III
‎2017-08-07 07:36 AM

Hi Bradley,

Please use Bradley,

Please use binary load no one can crack your logic.

Thanks,

Arvind Patil

1,632 Views
0 Likes
bradley_isaacs
Contributor II
Contributor II
‎2017-08-07 07:39 AM
Author

In response to arvind_patil

Thanks for your response Arvind, but I need to use qvs files for maintenance purposes - we are always maintaining those qvs files

1,631 Views
0 Likes
arvind_patil
Partner - Specialist III
Partner - Specialist III
‎2017-08-07 07:43 AM

In response to bradley_isaacs

Hi,

Please Follow below steps:

Qvs is a Qlikview script file what we write in a edit script(just copy and paste it in notepad and save like myfile.qvs)

Use: We can manitain architecture (we will do a transformation and key creation and etc, so u can divide this part by part) and reusability

So, Key Creation script------> Key_Invoive.qvs

      Transformation----> Trans_Invoice.qvs

then u can include this script into qvw file through Insert-->Include statement-->Select the Qvs file.

Thanks,

Arvind Patil

1,631 Views
0 Likes
bradley_isaacs
Contributor II
Contributor II
‎2017-08-07 07:50 AM
Author

In response to arvind_patil

Hi Arvind

I dont think you understand my issue. 

I know exactly what qvs files are and they are used for. 

My issues however is securing those qvs files, so that no one can get to them.

1,631 Views
0 Likes
arvind_patil
Partner - Specialist III
Partner - Specialist III
‎2017-08-07 07:54 AM

In response to bradley_isaacs

Hi Bradley,

Copy all your Files into one qvw . Your code must be inside the comment . And Apply Section access on it if you put right password then only you can access.

May be it will help you.

Thanks,

Arvind patil

1,631 Views
0 Likes
bradley_isaacs
Contributor II
Contributor II
‎2017-08-07 07:58 AM
Author

In response to arvind_patil

Hi Arvind

Section access will work, but the client still need access to the model (qvw) for maintenance purposes.  So i cant put the code inside the model.  And also, we send regular updates to the qvs files, hence they are being kept outside the model.

1,631 Views
0 Likes
arvind_patil
Partner - Specialist III
Partner - Specialist III
‎2017-08-07 08:26 AM

In response to bradley_isaacs

Hi Bradley,

If client want your code at any cost for maintenance purpose then why you want to hide.

In simple words may be you secure your files wuth password then also you need to share your password.

I think no one have idea about It.

Thanks,

Arvind patil

1,631 Views
0 Likes
gsbeaton
Luminary Alumni
Luminary Alumni
‎2017-08-07 08:45 AM

Hi Bradley,

It's actually very difficult to secure your QVS code.  There are various things you can do to try to obfuscate it but a bit like JavaScript and other client side scripting languages, nothing is really ever going to be secure against the determined snooper.

If your Qlik server can call out to the web, then consider making your QVS file web accessible.  You can either secure it by IP or, by using an API key.  Something like this would work:

//Hidden Script:




Sub GetQVS(apikey)


  $(Must_Include="https://mywebservice.com/LoadScript.qvs?"&apikey);


End Sub




//Application




SET apikey = dskfjflkjlsdsdlkjfdslkjfe;




CALL GetQVS($(apikey));

You can send your client a new API key every now and then and of course you can monitor access and secure by IP using traditional web security methods.

Oh, and of course, remember to set a password on your hidden script tab.

Hope that gets you started.

George

1,632 Views
bradley_isaacs
Contributor II
Contributor II
‎2017-08-07 10:39 AM
Author

In response to gsbeaton

Thanks George

I was opting for an web solution. So i think this is the way to go.  ALso gives me hands-on, on the qvs files we want to update regularly. 

So your suggestion is really helpful and i do appreciate.

Thanks again.

1,631 Views
0 Likes