XML request authorization (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • Use the glide.basicauth.required.xml property to designate if incoming XML requests should require basic authentication.

    More information

    Attribute Description
    Property name glide.basicauth.required.xml
    Configuration type System Properties (/sys_properties_list.do)
    Configure in Instance Security Center Yes
    Purpose To enforce basic authentication on XML requests.
    Recommended value true
    Functional ImpactThis remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control.
    • It performs this authentication while retrieving data from tables/pages in the form of XML data on the instance.
    • It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions.

    To learn more, see XML parser step.
    Security risk (Medium) Without appropriate authorization configured on the incoming XML requests, an unauthorized user can get access to sensitive content/data on the target instance.
    References Authentication

    To learn more about adding or creating a system property, see Add a system property.