Require authentication by default for client-callable script includes
By default, client-callable script includes that do not explicitly set visibility, are public. If needed, add the glide.script.ccsi.ispublic property to enable privacy control over all client-callable script includes accessed by public pages.
The glide.script.ccsi.ispublic system property makes sure that client-callable script-includes, also known as Ajax script includes, are not automatically made available to non-authenticated users. If glide.script.ccsi.ispublic is not set to the recommended value of false, then it allows script includes to be run as public scripts and allow unauthenticated users access to instance data.
Ensure that the property glide.script.ccsi.ispublic is set to false.
Warning:
This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.script.ccsi.ispublic |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | |
| Recommended value | false |
| Default value | <none> |
| Fallback value | false |
| Category | Access control |
| Security risk |
|
| Functional impact | If the client-callable script includes are designated as public (that is, this property is missing), then unauthenticated users can execute client scripts. Add the property restricts the execution of scripts by a non-logged-in user. |
| Dependencies and prerequisites | None |