How is scrambled password in connection string encrypted? What hash is used?
In Script Editor > Settings, there is a setting called "Scramble Connect User Credentials".
If it is checked, when generating a database connection string using the wizard, the password will be scrambled as below:
OLEDB CONNECT TO [Provider=OraOLEDB.Oracle.1;Persist Security Info=False;User ID=hr;Data Source=oraclexe;Extended Properties=""] (XPassword is UHAKDUJODA);
How is this password encrypted? What type of encryption has been implemented?
Environment:
QlikView any version
None of the connection string parameters in the load scripts are encrypted; they are merely masked so that the string cannot be read in clear text.
The key to protecting the load scripts and the connection strings lies in securing the Source Documents. When using QlikView Publisher, the distribution of the document strips the script from the file, so the user-facing document will never contain any of the script, and thus none of the connection strings.
A QlikView environment can be set up so that the QlikView Distribution service server sits on the same network segment as the database servers, creating a back-end that can be tightly secured by firewalls. The Distribution service server then needs only a one-machine to one-machine connection open toward the front-end layer, the QlikView Server itself, used to transfer the document in a script-removed state that will then be accessible for the end users.
If it is suspected that the credential details in the connection string have been exposed, the recommendation is for the connection credentials to be changed at that time.
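To know which credentials to change, it helps to inventory the CONNECT statements that carry a masked or cleartext password. The following is an added example, not Qlik code: it assumes the load scripts have been exported as text and use the bracketed connection string form shown above, the function names and the sample script are constructed, and password values are never included in the report.

```python
import re

# CONNECT statement with a bracketed connection string and an optional option list.
# Assumption: exported script text in the bracketed form quoted in this article.
CONNECT_RE = re.compile(
    r"\b(?:OLEDB|ODBC)\s+CONNECT\s+TO\s+\[(?P<conn>[^\]]*)\]\s*(?:\((?P<opts>[^)]*)\))?\s*;",
    re.IGNORECASE,
)
# "XPassword is ..." is the scrambled form; "Password is ..." without the X is cleartext.
OPT_PW_RE = re.compile(r"\b(?P<x>X?)Password\s+is\s+\S+", re.IGNORECASE)
CONN_PW_RE = re.compile(r"(?:^|;)\s*(?:Password|PWD)\s*=\s*[^;]+", re.IGNORECASE)

def conn_field(conn, name):
    """Return one key=value field of the connection string, or None."""
    m = re.search(r"(?:^|;)\s*" + re.escape(name) + r"\s*=\s*([^;]*)", conn, re.IGNORECASE)
    return m.group(1).strip() if m else None

def audit_script(text):
    """List CONNECT statements that embed a credential. Password values are never returned."""
    findings = []
    for m in CONNECT_RE.finditer(text):
        conn, opts = m.group("conn"), m.group("opts") or ""
        opt_pw = OPT_PW_RE.search(opts)
        if opt_pw:
            kind = "scrambled" if opt_pw.group("x") else "cleartext"
        elif CONN_PW_RE.search(conn):
            kind = "cleartext"
        else:
            continue  # no embedded password, e.g. integrated authentication
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "kind": kind,
            "user": conn_field(conn, "User ID"),
            "data_source": conn_field(conn, "Data Source"),
        })
    return findings

# Constructed sample script; the first statement is the one quoted in this article.
SAMPLE = '''\
OLEDB CONNECT TO [Provider=OraOLEDB.Oracle.1;Persist Security Info=False;User ID=hr;Data Source=oraclexe;Extended Properties=""] (XPassword is UHAKDUJODA);
LOAD * FROM sales.qvd (qvd);
ODBC CONNECT TO [DSN=reporting;UID=report_ro] (Password is example-only);
OLEDB CONNECT TO [Provider=SQLOLEDB.1;Integrated Security=SSPI;Data Source=sql01];
'''

if __name__ == "__main__":
    for finding in audit_script(SAMPLE):
        print(finding)
```

Both kinds of finding should be treated the same way for rotation purposes, since the scrambled form is masking rather than encryption.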
Please reach out to us if you need contact with a Consultant that can help you design such an environment if security is a concern for you.