Restrict unauthenticated access to attachments (instance security hardening)
Use the glide.image_provider.security_enabled property to control the security settings for images. If set to true, images are visible only to authenticated and authorized users. If set to false, images are visible to anyone with a URL to the attachment.
More information
| Attribute | Description |
|---|---|
| Property name | glide.image_provider.security_enabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To prevent unauthenticated access of attachment when rendered using the .iix format. |
| Recommended value | true |
| Functional Impact | No significant impact on the functionality. User experience might be affected a bit because the user who formerly directly accessed .iix must go through authentication. |
| Security risk | (High) Restriction must be applied for unauthenticated users as some attachment might contain sensitive information. |
| References | Administering attachments |
To learn more about adding or creating a system property, see Add a system property.