Security scan shows 'Unprotected Files' on login level of Tableau Server

Udgivelsesdato: Feb 14, 2025

Beskrivelse

Some security scan results may flag 'Unprotected Files' on the root level of Tableau Server that can be accessed without authentication.

For example, these HTML files (and their compressed/gzipped equivalents) may likely look like the following list:

https://tableau.<servername>.com:443/vizportal.min.js
https://tableau.<servername>.com:443/rsa.js
https://tableau.<servername>.com:443/console-polyfill.js
https://tableau.<servername>.com:443/vizportalMinLibs.js
https://tableau.<servername>.com:443/messageformat.js
https://tableau.<servername>.com:443/js.cookie.js
https://tableau.<servername>.com:443/Underscore.js
https://tableau.<servername>.com:443/jquery.js
https://tableau.<servername>.com:443/javascripts/api/tableau-2.0.2.min.js
https://tableau.<servername>.com:443/en/embeddedAuth.html
https://tableau.<servername>.com:443/en/textBox.html
https://tableau.<servername>.com:443/en/passwordBox.html
https://tableau.<servername>.com:443/en/signingIn.html
https://tableau.<servername>.com:443/en/signInLogo.html
https://tableau.<servername>.com:443/en/login.html

Cause

The functionality within these scripts need to be available in this location for the login page and Guest user to function correctly. These files are pre-compressed versions of the corresponding .html and .js files and are produced when the product is built. There is no sensitive information nor dynamic content of any kind contained in these files. They are available to an unauthenticated user by design to provide UI functionality that allows a user to authenticate to the system.

Løsning

The list of .gz files are HTML and javascript code that allow Tableau Server login to work properly. They do not pose a security risk.

Vidensartikelnummer

001472958

Løste denne artikel dit problem?

Giv os besked, så vi kan forbedre os!

General Information

Required Cookies

Functional Cookies

Advertising Cookies