Enforce SOAP request strict security

Release version: Australia

Updated March 12, 2026

1 minute to read

Use the glide.soap.strict_security property to enforces web service security.

If the glide.soap.strict_security system property is not set to the recommended value of true, then users do not need a SOAP role to make requests of non-public pages when the high security or web service plugin is installed.

Ensure the property glide.soap.strict_security is set to true.

More information


Attribute	Description
Configuration name	glide.soap.strict_security
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	<none>
Fallback value	true
Category	Access control
Security risk	Severity score: 6.8 CVSS rating: Medium Security risk details: An unauthorized user can get access to sensitive content/data on the target instance.
Functional impact	None
Dependencies and prerequisites	None

To learn more about adding or creating a system property, see Add a system property.