Require Authorization for XSD Requests

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Use the glide.basicauth.required.xsd property to designate if incoming XSD (XML Schema Definition) requests should require basic authentication.

    The glide.basicauth.required.xsd system property controls whether authentication is required in order to make a XSD request to an instance. If glide.basicauth.required.xsd is not set to the recommended value of true, then authentication is disabled for XSD requests on the instance.

    Ensure the property glide.basicauth.required.xsd exists in the System Properties [sys_properties] table and is set to true.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.basicauth.required.xsd
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value <None>
    Fallback value false
    Category API and web service
    Security risk
    • Severity score: 5.3
    • CVSS rating: Medium
    • Security risk details: This property allows unauthenticated access to XSD processor leaking sensitive information.
    Functional impact This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control.
    • It performs this authentication while retrieving data from tables/pages in the form of XSD data on the instance.
    • It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions.

    To learn more, see Non-interactive sessions.
    Dependencies and prerequisites None