Require authorization for WSDL request [Updated in Security Center 1.3 and 1.5]

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Use the glide.basicauth.required.wsdl property to designate if incoming WSDL (Web Services Description Language) requests should require basic authentication.

    If glide.basicauth.required.wsdl is not set to the recommended value of true, then , then this will disable Basic Authentication for WSDL requests. WSDL is a protocol that is used to describe web services such as instance table schemas, and is not a mechanism for sharing the data within tables. Setting this property to true allows for disclosure of table schemas to unauthenticated users.

    주:
    If you choose not to require basic authentication for incoming WSDL requests, you must modify Access Control (ACL) rules to enable guest users to access the WSDL content.

    More information

    경고:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
    Attribute Description
    Property name glide.basicauth.required.wsdl
    Configuration type System Properties (/sys_properties_list.do)
    Category API and web service
    Purpose To enforce basic authentication on WSDL requests.
    Recommended value true
    Security risk rating 5.3
    Functional impactThis remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control.
    • It performs this authentication while retrieving data from tables/pages in the form of WSDL data on the instance.
    • It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions.
    Security risk (Medium) Without appropriate authorization configured on the WSDL web services, an unauthorized user can get access to sensitive WSDL content/data on the target instance.
    References Web service security