Require authorization for XML requests

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the glide.basicauth.required.xml property to designate if incoming XML requests should require basic authentication.

    If the glide.basicauth.required.xml system property is not set to the recommended value of true, then Basic Authentication is disabled for the XML format export processor. This also happens when combined with a wrong role within the guest_user related property (For example a high privileged user such as Admin). This leads to unauthenticated access to instance data.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.basicauth.required.xml
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value <none>
    Fallback value false
    Category API and web service
    Security risk
    • Severity score: 7.5
    • CVSS rating: High
    • Security risk details: Unauthenticated access to XML export data, when combined with misconfigured guest user role, poses a significant risk of unauthorized data exposure.
    Functional impact None
    Dependencies and prerequisites None