I've put this up as a question as someone out there may have a solution to the issue.
I am working on a project that uses QlikView to display data stored in an Oracle database. The data consists of text, numbers and images stored in BLOB tables. In the development environment everything works perfectly: all the data is retrieved when the QlikView instance on the server is refreshed, and all the images display as they should.
Having finished the development work, I need to move into the QA, UAT & Prod platforms, which are far more locked down. Putting the working dev code into the QA environment along with the Oracle database, the images no longer display; all that is returned is the <qmem ......> text.
The reason for this happening, and the reason why I have posted this in the security forum, is the SiteMinder configuration on the QlikView server. In order to ensure that no cross site scripting can take place, the flag 'CSSChecking' is set to 'YES'. This has the effect of blocking the characters listed in the 'BadCSSChars' flag, which include '<' and '>', hence when the QlikView code in the browser is refreshed the '<qmem ....>' requests are blocked from reaching the QlikView server. Organisational policy means that we are not allowed to change either of these flags in non-development environments (hence why it works in dev), and therefore we are having to downgrade the presentation in order to avoid using the images.
If anyone has any suggestions as to how we can get round this problem, or if there is an update to the next version of QlikView this would be very useful.
The issue is that the images use the double // and SiteMinder rejects these by default. If you look at the Fiddler trace you will see:
Notice the red //; this is what is causing the issues. If you set SiteMinder to allow the //, things will work fine.
Bill - Designated Support Engineer at Qlik