Require authorization for XML output requests

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Configure this property so that basic authorization is required for all inbound XMLOutputProcessor requests.

    If the glide.basicauth.required.xmloutputprocessor system property is not set to the recommended value of true, then basic authorization is not required for all inbound XMLOutputProcessor requests. This could lead to unauthenticated information disclosure from the instance.

    Ensure that the property glide.basicauth.required.xmloutputprocessor exists in the System Properties [sys_properties] table and is set to true.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.basicauth.required.xmloutputprocessor
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value <none>
    Fallback value false
    Category API and web service
    Security risk
    • Severity score: 7.5
    • CVSS rating: High
    • Security risk details: Unauthenticated access to XML export data, when combined with misconfigured guest user role, poses a significant risk of unauthorized data exposure.
    Functional impact None
    Dependencies and prerequisites None