Restrict unauthenticated access to attachments
Use the glide.image_provider.security_enabled property to control the security settings for images. If set to true, images are visible only to authenticated and authorized users. If set to false, images are visible to anyone with a URL to the attachment.
Secure the images on your instance to prevent sensitive information leak. Images on your instance are accessible via urls that end in .iix.
Set the glide.image_provider.security_enabled system property to true to prevent access to your images via these URLs.
This property is not honored for images from the attachment table if the origin table is one of:
- Stationeries [sysevent_email_style]
- Welcome Page Sections [sys_home]
- System Properties [sys_properties]
Restriction should be applied for unauthenticated users as some attachments might contain sensitive information.
More information
| Attribute | Description |
|---|---|
| Property name | glide.image_provider.security_enabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Purpose | To prevent unauthenticated access of attachment when rendered using the .iix format. |
| Recommended value | true |
| Default value | false |
| Functional impact | No significant impact on the functionality. User experience might be affected a bit because the user who formerly directly accessed .iix must go through authentication. |
| Security risk |
|
| References | Administering attachments |
To learn more about adding or creating a system property, see Add a system property.