Securing analytic connections

Consider the following best practices to strengthen the security of your Qlik Sense environment when using an analytic connection:

  • Install and run the server-side extension (SSE) plugin in a separate, isolated environment without administrator rights. To minimize harm from a malicious script, be aware of which user account is starting the plugin and what access rights this user has in the machine and in the domain.
  • For enhanced security, the EvaluateScript functionality can be disabled by setting the configuration parameter allowScript to false in the SSE plugin configuration file. This will prevent arbitrary scripts from being executed and allow only predefined functions to be run by the SSE plugin.
  • Application developers creating Qlik Sense apps are advised to set any variables used in an SSE expression to a restricted format; for example, you can restrict a variable format to only numeric values.