Enable High Security Plugin [Updated in Security Center 1.3]

  • Release version: Washingtondc
  • Updated February 1, 2024
  • When you activate the High Security plugin, it creates or updates hundreds of different configurations to control the level of security on your instance. These configurations mitigate many of the top OWASP attacks by enabling strict access control, input validation, and output encoding.

    These configurations include:
    • Access control
    • Business rules
    • System properties
    • UI policy actions
    • Script actions
    • Script includes

    Example

    Refer to the examples for the following properties:

    Property | Topic
    --- | ---
    glide.ui.escape_all_script | Escape Jelly
    glide.security.strict.actions | Check UI action before execution
    glide.security.csrf_previous.allow | Anti-CSRF token
    glide.security.csrf.strict.validation.mode | CSRF strict validation

    More information

    Attribute | Description
    --- | ---
    Plugin Name | com.glide.high_security
    Configuration type | System Definition > Plugins - Development
    Category | Access control
    Purpose | It is mandatory to activate this plugin. It increases the security level of an instance, which reduces the attack surface by mitigating OWASP Top 10 attacks, including CSRF and XSS, and by securing session cookies and file uploads.
    Recommended value | Active
    Security risk rating | 9.8
    Functional impact | This plugin enables several system security configurations, which may also impact the UI and functionality.
    Security risk | (High) Many security configurations are unintentionally left open, which may open the door to some critical vulnerabilities.
    References

    Activating High Security Settings

    High Security Settings

    To learn more about activating a plugin, see Activate a plugin
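
The following is an added example, not ServiceNow's own code, of auditing an instance for the plugin named above (com.glide.high_security) and the four properties listed under Example. The names auditHighSecurity, EXPECTED and PLUGIN_ID are hypothetical, and the expected property values are assumptions that this page does not state, so confirm each against its own property topic.

```javascript
// Added example: audit the High Security plugin and the four properties listed above.
// Expected values are ASSUMPTIONS, not taken from this page; confirm each one
// against its own property topic before acting on a finding.
var PLUGIN_ID = 'com.glide.high_security';
var EXPECTED = {
  'glide.ui.escape_all_script': 'true',
  'glide.security.strict.actions': 'true',
  'glide.security.csrf_previous.allow': 'false',
  'glide.security.csrf.strict.validation.mode': 'true'
};

// getProperty(name) -> string|null and isPluginActive(id) -> boolean are injected
// so the same function runs on an instance or against stubbed data.
function auditHighSecurity(getProperty, isPluginActive) {
  var findings = [];
  if (!isPluginActive(PLUGIN_ID)) {
    findings.push({ item: PLUGIN_ID, status: 'PLUGIN_INACTIVE' });
  }
  for (var name in EXPECTED) {
    if (!Object.prototype.hasOwnProperty.call(EXPECTED, name)) continue;
    var raw = getProperty(name);
    if (raw === null || raw === undefined || String(raw).trim() === '') {
      // An unset property leaves behaviour to the platform default; flag it for review.
      findings.push({ item: name, status: 'NOT_SET', expected: EXPECTED[name] });
      continue;
    }
    var actual = String(raw).trim().toLowerCase();
    if (actual !== EXPECTED[name]) {
      findings.push({ item: name, status: 'MISMATCH', expected: EXPECTED[name], actual: actual });
    }
  }
  return findings;
}

// On an instance (for example in Scripts - Background) the Glide globals exist.
if (typeof gs !== 'undefined' && typeof GlidePluginManager !== 'undefined') {
  var results = auditHighSecurity(
    function (name) { return gs.getProperty(name); },
    function (id) { return new GlidePluginManager().isActive(id); }
  );
  gs.info('High Security audit findings: ' + JSON.stringify(results));
}
```

An empty findings array means the plugin is active and all four properties match the assumed values; every other entry names the item to review.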