Qlik Cloud Services deployment
This diagram shows Qlik Cloud Services (QCS) connected to a Qlik Sense Enterprise node. This deployment provides the ability to scale up the number of apps (read only) for user consumption. The QCS cluster is deployed as a fully managed service provisioned and administered by Qlik.
CSRF security for Qlik Cloud Services
Cross-site request forgery (CSRF) is an attack on a web application that takes advantage of a user's existing authentication. For example, if a user is already authenticated on a secure web application and clicks a malicious link during the web session, an attacker can use that authentication to perform tasks or actions without the user's permission or knowledge.
To protect QCS APIs against CSRF security risks, Qlik has implemented token-based anti-CSRF security for its APIs.
The token is generated on the server side and linked to a specific session by the web server. It is then used as a hidden value in every web application form. Because the token is held on the server side and not in the web session, an attacker has no access to it and no way to obtain it.
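The token scheme described above can be illustrated in Python. This is an added example, not Qlik's implementation; the function names, the in-memory store and the `csrf_token` field name are assumptions.

```python
import hmac
import html
import secrets

# Server-side store: session id -> anti-CSRF token.
# Hypothetical in-memory store; a real service would keep this with the session.
_tokens = {}


def issue_token(session_id: str) -> str:
    """Generate an unpredictable token and bind it to one session."""
    token = secrets.token_urlsafe(32)
    _tokens[session_id] = token
    return token


def render_form(session_id: str, action: str) -> str:
    """Embed the session's token as a hidden value in a form."""
    token = _tokens.get(session_id) or issue_token(session_id)
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">'
        f'<input type="hidden" name="csrf_token" '
        f'value="{html.escape(token, quote=True)}">'
        '<button type="submit">Save</button></form>'
    )


def is_request_allowed(session_id: str, method: str, form: dict) -> bool:
    """Accept a state-changing request only with this session's token."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must never change state
    expected = _tokens.get(session_id)
    supplied = form.get("csrf_token", "")
    if not expected or not supplied:
        return False  # a cross-site request cannot read the form, so no token
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def end_session(session_id: str) -> None:
    """Drop the token with the session so it cannot be reused later."""
    _tokens.pop(session_id, None)
```

A request forged from another site carries the user's session cookie but not the hidden value, so `is_request_allowed` rejects it.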