Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]

  • Release version: Australia
  • Updated March 12, 2026
  • Control whether a user can perform raw SQL queries on the database.

    When enabled, the glide.db.allow_unsafe_dbi_execute_sql property lets users perform raw SQL queries on the database, which can give access to tables and data outside of GlideRecord restrictions. If this property is not set to the recommended value of false, dbi.executeStatement() can be called from a Glide Scriptable, which can lead to malicious SQL statements being executed.

    Warning:
    This property is both safe and no db override.

    More information

    Attribute                        Description
    Configuration name               glide.db.allow_unsafe_dbi_execute_sql
    Configuration type               System Properties (/sys_properties_list.do)
    Data type                        Boolean
    Recommended value                false
    Default value                    false
    Category                         Access control
    Security risk                    • Severity score: 7.2
                                     • CVSS score: High
                                     • Security risk details: Not setting this property to false enables calling of dbi.executeStatement() from a Glide Scriptable.
    Dependencies and prerequisites   None
    References                       Access Control List Rules
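
An added example (not ServiceNow code) of auditing this setting offline: it computes the property's effective value from exported System Properties rows and lists scripts that call executeStatement() for review. The row shapes (name/value, name/script), the sample data and the getDbi() helper in the sample script are assumptions constructed for illustration.

```javascript
// Added example: offline audit of exported instance data (input shapes are assumptions).
const PROP = 'glide.db.allow_unsafe_dbi_execute_sql';

// The page lists a default of false, so a missing row is treated as false.
function effectiveValue(propertyRows) {
  const mine = propertyRows.filter((r) => r.name === PROP);
  if (mine.length === 0) return { enabled: false, source: 'default' };
  // Fail closed: any value that is not clearly "false" counts as enabled.
  const enabled = mine.some((r) => String(r.value).trim().toLowerCase() !== 'false');
  return { enabled, source: 'sys_properties' };
}

// Report every line that calls executeStatement(...); comments are kept so nothing is hidden.
function findExecuteStatementCalls(scripts) {
  const call = /\bexecuteStatement\s*\(/;
  const hits = [];
  for (const s of scripts) {
    String(s.script || '').split(/\r?\n/).forEach((line, i) => {
      if (call.test(line)) hits.push({ script: s.name, line: i + 1 });
    });
  }
  return hits;
}

function audit(propertyRows, scripts) {
  const prop = effectiveValue(propertyRows);
  const callers = findExecuteStatementCalls(scripts);
  // Callers are reachable only when the property is enabled, but are worth review either way.
  const finding = prop.enabled ? 'FAIL' : (callers.length ? 'PASS_WITH_CALLERS' : 'PASS');
  return { finding, source: prop.source, callers };
}

// Constructed sample data, not taken from any real instance.
const SAMPLE_PROPS = [
  { name: 'x_example.other_property', value: '30' },
  { name: PROP, value: ' TRUE ' },
];
const SAMPLE_SCRIPTS = [
  { name: 'ReportHelper', script: 'var gr = new GlideRecord("incident");\ngr.query();' },
  { name: 'LegacyExport', script: 'var dbi = getDbi(); // hypothetical helper\ndbi.executeStatement(sql);' },
];
console.log(JSON.stringify(audit(SAMPLE_PROPS, SAMPLE_SCRIPTS), null, 2));
```

A PASS_WITH_CALLERS result means the property is at its recommended value but some script still contains the call and would become reachable if the property were ever changed.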