5 Replies Latest reply: May 25, 2016 11:51 PM by Leigh Kennedy RSS

    Shared Session URL

    Fábio Ribeiro

      Hi all.

       

      Someone know how to hide a host information in URL when we shared a session?

       

      http://localhost/QvAJAXZfc/opendoc.htm?invite=240C5BB758AADDC5C0060E079D759A7EC7F9F20F&anonymous=&host=svrlab02

       

      &host=SVRLAB02 can't be displayed by security reasons.

        • Re: Shared Session URL
          Peter Cammaert

          Unfortunately, this parameter is required whenever you need to direct opendoc.htm to a QVS that isn't residing on localhost. AFAIK that's the case for every user that clicks the link in an email message on his/her desktop/laptop.

           

          Why is server SVRLAB02 a secret? Does nobody know where the QlikView documents are hosted? Or is this security elevated because you are dealing with external users that may know about the AP host but everything else should be hidden?

           

          Peter

            • Re: Shared Session URL
              Fábio Ribeiro

              Hi Peter, how are you?

               

              In this example I took a internal link only to illustrate the problem, the server from which I'm referring is a Government server, and it will be accessed internally and externally too.

               

              This point of view the server name publicly on the internet is a matter of information security.

                • Re: Shared Session URL
                  Peter Cammaert

                  Hmmm, I don't know for sure, but I don't think it's possible to change the URL that is embedded in a Shared Session invitation.

                   

                  You could rewrite opendoc.htm so that it doesn't need the host=XYZ parameter anymore by hardcoding the default destination in that file. But that still doesn't change the invitation URL.

                   

                  I guess Alexander Karlsson can tell us more about this issue. Not sure if he's still available. Let's try.

                   

                  Peter

                    • Re: Shared Session URL
                      Alexander Karlsson

                      As far as I know you can’t modify the invite url but it has been a while since I last looked at it.

                      But if revealing the hostname is a issue I would be careful anyhow, don’t we leak that information through the document info menu anyhow?

                       

                       

                      Alexander Karlsson

                      Developer Relations Engineer

                       

                       

                       

                      The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

                    • Re: Shared Session URL
                      Leigh Kennedy

                      It only shows the short host name, not the FQDN. Thinking outside the Square, why not just make sure the host name doesn't identify the server from outside.  i.e. if the server name is ABC123 then that will mean nothing unless people are on your network.  If its an internal IP address, it won't resolve externally if someone tries to work it out.