CSV request authorization (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • Use the glide.basicauth.required.csv property to designate if incoming CSV (Comma-Separated Values) requests should require basic authentication.

    More information

    Attribute Description
    Property name glide.basicauth.required.csv
    Configuration type System Properties (/sys_properties_list.do)
    Configure in Instance Security Center Yes
    Purpose To enforce basic authentication on CSV requests.
    Recommended value true
    Functional ImpactThis remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control.
    • It performs this authentication while retrieving data from tables/pages in the form of CSV data on the instance.
    • It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions.

    To learn more, see Retrieving data from a CSV formatted file.
    Security risk (Medium) Without appropriate authorization configured on the incoming CSV requests, an unauthorized user can get access to sensitive content/data on the target instance.
    References Web service security

    To learn more about adding or creating a system property, see Add a system property.