Require authorization for csv requests [Updated in Security Center 1.3]

Zurich Platform security

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Require authorization for csv requests [Updated in Security Center 1.3]

Release version: Zurich

Updated July 31, 2025

1 minute to read

Use the glide.basicauth.required.csv property to designate if incoming CSV (Comma-Separated Values) requests should require basic authentication.

Warning:

This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.


Attribute	Description
Property name	glide.basicauth.required.csv
Configuration type	System Properties (/sys_properties_list.do)
Category	API and web service
Purpose	To enforce basic authentication on CSV requests.
Recommended value	true
Security risk rating	7.5
Functional impact	This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of CSV data on the instance. It restricts any guest users who are currently accessing this data. If applicable, you may need to create a new account for users who need access to this content, with necessary access control permissions. To learn more, see Retrieving data from a CSV formatted file.
Security risk	(High) Without appropriate authorization configured on the incoming CSV requests, an unauthorized user can get access to sensitive content and data on the target instance. Ensure that glide.basicauth.required.csv exists in the sys_properties table and is set to true.
References	Web service security