Qlik Community

QlikView Management

Discussion Board for collaboration on QlikView Management.

Not applicable

Potential cross site redirection issue?

Hi All,

I'm new to QlikView and have just setup a server instance. I'm using NTLM authentication with Authentication set to "Always" and the login address set to "Alternate Login Page (web form)".

I notice that if I supply users with a crafted URL, e.g. http://xxx.yyy.zzz/qlikview/logout.htm?login=http://www.google.com the login link on the subsequent page gets redirected to www.google.com.

Is there any way to circumvent this as it's being flagged as a security risk.

Many thanks.

Community Browser