Require authorization for XML output requests [Updated in Security Center 1.3]

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Configure this property so that basic authorization is required for all inbound XMLOutputProcessor requests.

    If the glide.basicauth.required.xmloutputprocessor property is not set to the recommended value of true, then basic authorization is not required for inbound XMLOutputProcessor requests which could lead to unauthenticated information disclosure from the instance.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.basicauth.required.xmloutputprocessor
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value true
    Category API and web service
    Security risk
    • Severity score: 7.5
    • CVSS score: High
    • Security risk details: Not setting the property to the recommended value of true could lead to sensitive information being leaked from the instance.
    Dependencies and prerequisites None