Require authorization for RSS requests

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the glide.basicauth.required.rss property to designate if incoming RSS requests should require basic authentication.

    The glide.basicauth.required.rss system property controls basic authorization for inbound RSS requests. If glide.basicauth.required.rss isn't set to the recommended value of true, then Basic Authentication for RSS format export processor is disabled. This also could be combined with a wrong role within the guest_user related property, this will lead to unauthenticated access to instance data.

    Ensure the property glide.basicauth.required.rssexists in the System Properties [sys_properties] table and is set to true.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.basicauth.required.rss
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value <none>
    Fallback value false
    Category API and web service
    Security risk
    • Severity score: 7.5
    • CVSS rating: High
    • Security risk details: Unauthenticated access to RSS export data, when combined with misconfigured guest user role, poses a significant risk of unauthorized data exposure.
    Functional impact This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control.
    • It performs this authentication while processing RSS requests on the instance.
    • It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions.

    To learn more, see RSS feed generator.
    Dependencies and prerequisites None