Require authorization for JSONv2 request [Updated in Security Center 1.3]

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Require authorization for JSONv2 request [Updated in Security Center 1.3]

Release version: Xanadu

Updated August 1, 2024

1 minute to read

Use the glide.basicauth.required.jsonv2 property to designate if incoming JSONv2 requests should require basic authorization.

Warning:

This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.


Attribute	Description
Property name	glide.basicauth.required.jsonv2
Configuration type	System Properties (/sys_properties_list.do)
Category	API and web service
Purpose	To enforce JSONv2 requests authorization.
Security risk rating	7.5
Recommended value	true
Functional impact	This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of JSON data on the instance. It restricts any guest users who are currently accessing this data. Create an account for a user who needs access to this content, with the necessary access control permissions. To learn more, see JSONv2 Web Service JSONv2 Web Service.
Security risk	(High) Without appropriate authorization configured on the data source JSON requests, an unauthorized user can access sensitive content/data on the target instance.
References	Authentication Requiring basic authentication for incoming JSONv2 requests