Alteryx Server Discussions

Can Apps and Macros in Alteryx public Gallery be trusted?

Ashish

I am (my organization is) curious to know if there are any measures in place to make sure that the apps and macros are safe to download and use. Can there be scripts hidden in macros that can snoop around, install ransomware, or access some websites, which could be a violation of any kind of EULA, etc.?

I think it will also be a good idea to add a user review section for each macro/app so users can share their experience about them for everyone's benefit. I found some macros that don't run anymore, so I think they should not be out there in the gallery, or if they are there, an active discussion around them would be helpful.

Thanks,

MarqueeCrew

@Ashish,

I acknowledge the concern. Each of the yxmd, yxmc and yxwz (workflow, macro and application) files posted to the gallery or to community are essentially text files (xml). If you download a packaged file (yxzp), it might contain other applications. I would encourage you to have anti-virus software check the files that you download and after that open the files with Alteryx. For non-yxzp packages opened, you can check for tools that include the Run Command, Download and Email tools.

Applications that run in the gallery have been checked for "safety" by disallowing restricted tools from the applications:

Warnings are reported at the tool level and indicate an app will not be able to be run in the Gallery unless Alteryx grants an exemption. To apply for an exemption, see below. Some common warnings include:

Email(10): The Email tool is prohibited in the Analytics Gallery.

Run Command(11): The Run Command tool is prohibited in the Analytics Gallery.

Events are prohibited in the Analytics Gallery.

The following Alteryx Designer tools and events are prohibited in the Analytics Gallery due to the numerous possible configurations and the actions that can be performed:

Though exceptions may allow the applications to be included in the gallery, due diligence on your part is always a good thought.

I hope that this helped to solve the question for you.

Cheers,
Mark

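The check Mark describes (looking through the workflow XML for Run Command, Download and Email tools), as an added sketch that is not part of the original post and not Alteryx's own code. The `Node` / `GuiSettings Plugin` layout and the plugin names are assumptions about the workflow XML, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Tools Mark's post suggests looking for. Matching on the last dotted part of
# the Plugin attribute is an assumption about how Designer names its tools.
WATCHED = {"runcommand": "Run Command", "download": "Download", "email": "Email"}

def find_watched_tools(xml_text):
    """Return sorted (tool_id, tool_name, plugin) tuples for watched tools."""
    # A downloaded file is untrusted input: refuse DTDs so entity-expansion
    # tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a workflow")
    root = ET.fromstring(xml_text)
    hits = []
    # iter() walks nested nodes too, so tools inside containers are included.
    for node in root.iter("Node"):
        gui = node.find("GuiSettings")
        plugin = gui.get("Plugin", "") if gui is not None else ""
        name = WATCHED.get(plugin.rsplit(".", 1)[-1].lower())
        if name:
            hits.append((int(node.get("ToolID", "-1")), name, plugin))
    return sorted(hits)

# Constructed sample, not a real Gallery macro.
SAMPLE = """<AlteryxDocument yxmdVer="2019.1">
  <Nodes>
    <Node ToolID="1"><GuiSettings Plugin="AlteryxBasePluginsGui.TextInput.TextInput"/></Node>
    <Node ToolID="2">
      <GuiSettings Plugin="AlteryxGuiToolkit.ToolContainer.ToolContainer"/>
      <ChildNodes>
        <Node ToolID="3"><GuiSettings Plugin="AlteryxBasePluginsGui.RunCommand.RunCommand"/></Node>
      </ChildNodes>
    </Node>
    <Node ToolID="4"><GuiSettings Plugin="AlteryxConnectorGui.Download.Download"/></Node>
    <Node ToolID="5"><EngineSettings Macro="helper.yxmc"/></Node>
  </Nodes>
</AlteryxDocument>"""

if __name__ == "__main__":
    for tool_id, name, plugin in find_watched_tools(SAMPLE):
        print(f"ToolID {tool_id}: {name} ({plugin})")
```

A node that only references another macro (ToolID 5 in the sample) is not flagged, so each referenced macro file needs the same scan. An empty result only means none of these three tools were found.
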
SeanAdams

To Mark's point, content downloaded from the gallery can do harm to your environment, so it's necessary to unpick exactly what's going on in any downloaded content before using it.

One example, which doesn't use any of the commands that Mark mentioned below, is that a macro could do a variant of a denial of service-type attack, by just continuing to generate files which eventually will force your server to run out of space and crash due to lack of temp space for memory.

So - yes they can do harm, however there is such good content out there that it's worth exploring the content, getting to know authors who you have seen useful content from (possibly adding a review capability to the public gallery like you're saying) and always thinking defensively about anything you download.

Have a good week

Sean

Ashish

Thanks a lot Mark and Sean for your response. It is helpful and makes us more comfortable about using these macros. However, as Sean has mentioned, there are still ways they can do harm. I want to keep watching this post to let other experts & Alteryx share their take on this.

Ashish

@Alteryx,

Is there an official response to this?

Also, it's going to be immensely helpful if people can rate and review Gallery apps/macros. There should be a way to give/receive feedback and know what others think about the macro, various ways to use it and its usefulness.