Disable SQL error messages

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the glide.db.loguser property to disable SQL error messages from rendering in a browser.

    If glide.db.loguser is not set to the recommended value of false, then sensitive server-side error messages could be displayed to end-users. Error messages can include stack traces and information about the structure of the database that could provide an attacker the knowledge needed to perform successful SQL Injection should the preconditions exist.

    Ensure that the glide.db.loguser system property is set to false.

    More information

    Attribute Description
    Property name glide.db.loguser
    Configuration type System Properties (/sys_properties_list.do)
    Category Error handling and logging
    Purpose To disable SQL error messages from displaying within the browser.
    Type Boolean
    Recommended value false
    Default value true
    Security risk rating 3.1
    Functional impact This remediation disables rendering of SQL error messages. There is no impact to any functionality.
    Security risk (Medium) No sensitive SQL information that could help an attacker should appear as a part of error message on a web page.

    More information

    Attribute Description
    Configuration name glide.db.loguser
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value false
    Default value <none>
    Fallback value true
    Category Error handling and logging
    Security risk
    • Severity score: 3.1
    • CVSS rating: Low
    • Security risk details: Messages can include stack traces and database structure details, which attackers can leverage to craft targeted SQL injection attacks if other vulnerabilities exist. Exposing internal error information increases the risk of exploitation.
    Functional impact None
    Dependencies and prerequisites None