0 Replies Latest reply: Oct 25, 2011 1:10 PM by Gibran Ghazali RSS

    Potential cross site redirection issue?

      Hi All,

       

      I'm new to QlikView and have just setup a server instance. I'm using NTLM authentication with Authentication set to "Always" and the login address set to "Alternate Login Page (web form)".

       

      I notice that if I supply users with a crafted URL, e.g. http://xxx.yyy.zzz/qlikview/logout.htm?login=http://www.google.com the login link on the subsequent page gets redirected to www.google.com.

       

      Is there any way to circumvent this as it's being flagged as a security risk.

       

      Many thanks.