If your load scripts are protected from malicious eyes you should have nothing to worry about. We need to put that disclaimer in there because when you disable standard mode - the full path is exposed in the load script - so instead of seeing:
You would see:
NOTE that you would still need permissions from Windows to allow the appropriate access to perform read and write operations.
So in other words - there is nothing malicious that could take advantage by disabling standard mode.
Hope this helps:
In addition to what Michael said, LIBraries appear in the QMC and can be governed, i.e., users can be granted access to them, or they can be revoked or disabled. When the script uses the full path and it changes, it is up to the developer to update the connection manually in the script, and it is not reusable by other applications; it must be specified manually again in the script for those apps.
This does not imply any security risk per se, but a maintenance effort to bear in mind.
Last but not least, the script in Qlik Sense cannot be hidden as of the Sep 2017 version (there are other ways of protecting it). In our case, most of the script is hidden in QlikView apps, using $(Include=) and similar approaches to completely separate the development from the administration, and scripts in QlikView can be reused in Qlik Sense. This may not be your case, but it is worth exploring, too.
I'm also using JMeter to cache warm some apps, but I use Windows Scheduler task calls instead of the execute for the reasons above, among others.
Surely the issue is, though, that the Service Account for running the Qlik services must have access to everywhere on the file system that any application can load data from.
If Standard Mode is turned off then any user who has the ability to edit a load script can load from or write to any location on the file system that the service account can see (as they effectively inherit the service account's permissions).
It would be straightforward for a user to do a for each vFile in FileList('c:\') and then the same for FolderList to get a complete list of files in the file system, which they can then load from. As well as loading from, they can also write to, causing damage and injecting data into apps.
With Standard mode on you can choose whether or not users can create connections, or just consume existing governed connections. Without it they don't need to use connections and libraries at all.
If you are in a situation where anyone who has permission to write a load script should be able to see the whole file system, then all is well. If, on the other hand, you have users who need to be able to write load scripts, but should only be able to see their own files, you have a problem.
I'm torn on this topic, as I often need to disable standard mode for clients to be able to do things with the REST connector and/or Qlik Web Connectors, but I am all too aware of the potential pitfalls.
I know chrisbrain has some thoughts on this topic also...
Our interest in this topic was primarily because standard mode also has the effect of preventing you from building http request paths at script runtime so limiting the flexibility of the Qlik Web Connectors. I can see the issue though - presumably you could configure the service account running the Qlik Service to have limited access to the file system.
Hi Chris, the issue is that the service account needs to have access to all data that it needs to reload through the task scheduler. This means that you can't give a user access to only part of that data, if Standard Mode is disabled. The method for doing this with Security Groups on connections is very elegant, but can be effectively circumnavigated if a non-lib load is performed.
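The thread's concern is that, with standard mode disabled, a load script can reach the file system without going through a governed lib:// connection. The following is an added example, not code from any poster or from Qlik: a heuristic audit that flags such references in exported load scripts. The function names and the sample script are constructed for illustration.

```python
import re

# Script constructs that take a file-system path (heuristic, not a full parser).
PATH_PATTERNS = [
    ("load/store", re.compile(r"\b(?:FROM|INTO)\s+(\[[^\]]+\]|'[^']+'|\S+)", re.I)),
    ("file listing", re.compile(r"\b(?:FileList|DirList)\s*\(\s*('[^']*')", re.I)),
    ("include", re.compile(r"\$\(\s*(?:Must_)?Include\s*=\s*([^)]+)\)", re.I)),
]
LINE_COMMENT = re.compile(r"(?<!:)//.*$")  # keeps the "//" inside lib://


def is_fs_path(kind, target):
    # FROM also appears in SQL SELECT; count it as a file only with a path separator.
    return kind != "load/store" or "\\" in target or "/" in target


def audit_script(script):
    """Return (line_no, kind, target) for every path that does not go through lib://."""
    findings = []
    for line_no, raw in enumerate(script.splitlines(), 1):
        line = LINE_COMMENT.sub("", raw)
        for kind, pattern in PATH_PATTERNS:
            for match in pattern.finditer(line):
                target = match.group(1).strip().rstrip(";").strip("[]'\"")
                if not target.lower().startswith("lib://") and is_fs_path(kind, target):
                    findings.append((line_no, kind, target))
    return findings


# Constructed sample load script (only the FileList call is taken from the thread).
SAMPLE = r"""
Sales: LOAD * FROM [lib://SalesData/sales.qvd] (qvd);
// governed connection above, direct paths below
HR: LOAD * FROM [C:\Finance\payroll.csv] (txt);
FOR EACH vFile IN FileList('c:\')
NEXT vFile
STORE Sales INTO [\\fileserver\share\sales.qvd] (qvd);
$(Include=D:\scripts\common.qvs);
SQL SELECT * FROM Orders;
"""

if __name__ == "__main__":
    for line_no, kind, target in audit_script(SAMPLE):
        print(f"line {line_no}: {kind} outside lib:// -> {target}")
```

Paths built from variables at runtime and bare relative file names are not resolved by this check, so a clean result does not prove a script stays inside its connections.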