Require authorization for csv requests [Updated in Security Center 1.3]

Release version: Australia

Updated March 12, 2026

1 minute to read

Use the glide.basicauth.required.csv property to designate if incoming CSV (Comma-Separated Values) requests should require basic authentication.

If the glide.basicauth.required.csv system property isn't set to the recommended value of true, then Basic Authentication for CSV format export processor is disabled. This also happens when combined with a wrong role within the guest_user related property (Ex: high privileged role). This will lead to unauthenticated access to instance data.

Ensure the property glide.basicauth.required.csv exists in the System Properties [sys_properties] table and is set to true.

Warning:

This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

More information


Attribute	Description
Configuration name	glide.basicauth.required.csv
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	<none>
Fallback value	false
Category	API and web service
Security risk	Severity score: 7.5 CVSS rating: High Security risk details: Unauthenticated access to CSV export data, when combined with misconfigured guest user role, poses a significant risk of unauthorized data exposure.
Functional impact	This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of CSV data on the instance. It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions. To learn more, see Retrieving data from a CSV formatted file.
Dependencies and prerequisites	None