Qlik Sense Enterprise on Kubernetes deployments
This diagram shows an example of a Qlik Sense Enterprise on Kubernetes deployment with a single Kubernetes cluster connected to a Qlik Sense Enterprise on Windows node. The cluster contains one or more of the Qlik Sense microservices such as the Engine or other services deployed across a set of nodes. This deployment provides the ability to scale up the number of apps (read only) for user consumption. The Kubernetes cluster, which is deployed within a public or private cloud, shares data volumes and a MongoDB instance. An Identity Provider (IdP) authenticates users while QSE authorizes access to multi-cloud apps using built-in security rules. The IdP allows the same named users to access content in Qlik Sense Enterprise and the cloud environment, subject to security rules. The Kubernetes cluster, public or private cloud, and network infrastructure are all managed by the customer.
CSRF security for Qlik Sense Enterprise on Kubernetes
Cross-site request forgery (CSRF) is an attack on a user's web application session that takes advantage of the user's existing authentication. For example, if a user is already authenticated on a secure web application and clicks a malicious link during their web session, an attacker can use that authentication to perform tasks or actions without the user's permission or knowledge.
To protect Qlik Sense Enterprise on Kubernetes APIs against CSRF security risks, Qlik has implemented token-based anti-CSRF security for its APIs, which prevents CSRF attacks.
The token is generated on the server side and linked to a specific session by the web server. It is then used as a hidden value in every web application form. Because the token is held on the server side and not in the web session, an attacker has no access to it and no way to obtain it.
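The token check described above, written as a generic synchronizer-token sketch. This is an added example, not Qlik's implementation; the in-memory store, the function names, the `csrf_token` field name and the session ids are assumptions made for illustration.

```python
import hmac
import html
import secrets

# Hypothetical in-memory store: session id -> anti-CSRF token (server side only).
_CSRF_TOKENS = {}


def issue_token(session_id: str) -> str:
    """Generate an unpredictable token and link it to one session."""
    token = secrets.token_urlsafe(32)
    _CSRF_TOKENS[session_id] = token
    return token


def render_form(session_id: str, action: str) -> str:
    """Embed the session's token as a hidden value in the form."""
    token = _CSRF_TOKENS.get(session_id) or issue_token(session_id)
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">'
        f'<input type="hidden" name="csrf_token" value="{html.escape(token, quote=True)}">'
        '<button type="submit">Save</button></form>'
    )


def is_request_allowed(session_id: str, form: dict) -> bool:
    """Accept a state-changing request only if its token matches the session's."""
    expected = _CSRF_TOKENS.get(session_id)
    submitted = form.get("csrf_token", "")
    if expected is None or not isinstance(submitted, str):
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def demo() -> dict:
    """Constructed requests: one from the real form, three that must fail."""
    alice = issue_token("session-alice")  # constructed session ids
    bob = issue_token("session-bob")
    return {
        "legitimate": is_request_allowed("session-alice", {"csrf_token": alice}),
        "forged_no_token": is_request_allowed("session-alice", {"name": "x"}),
        "forged_guess": is_request_allowed("session-alice", {"csrf_token": "guess"}),
        "other_session": is_request_allowed("session-alice", {"csrf_token": bob}),
    }


if __name__ == "__main__":
    print(demo())
```

A cross-site request still carries the user's authentication, but it cannot carry the hidden form value, so the server rejects it.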