SN System Properties Reference
Property reference

glide.soap.strict_security

The glide.soap.strict_security property enforces strict security measures on incoming SOAP requests. Admins should ensure this is enabled to maintain proper access control and security for web services, as it checks user roles and permissions.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property requires incoming SOAP requests to be validated through the security manager for access to tables and fields, ensuring only authorized users can interact with the web service.
What area does it affect? SOAP web services
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when configuring SOAP integrations or assessing security protocols.

Out of the box property record

Raw metadata from the property record.

Property name glide.soap.strict_security
Sys ID 33ad80d80a0a0b500050ffc63d3935f6
Type boolean
Application Global
Default value true
Description Enforce strict security on incoming SOAP requests. Checking this requires incoming SOAP requests to go through the security manager for table and field access, as well as checking SOAP users for the correct roles for using the web service.
Updated 2024-05-25 03:58:22

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... then the instance treats all web services operations as being done by the system administrator. Make sure the user you select has appropriate SOAP privileges if you are using the glide.soap.strict_security high security setting. This field is only visible when the type is X509. Order Enter the order in which the instance checks security profiles. The instance checks all security profiles ...
Documentation excerpt View supporting context
Context preview Snippet 2
... Documentation sn_SE10155 1 Act Strict security should be enabled for SOAP requests Unauthorized user can get access to sensitive content/data on the target instance. Either update the value of the glide.soap.strict_security system property to true OR insert this system property with a value of true. Documentation sn_SE10156 1 Act Jelly interpolation should be enabled JEXL injection can lead to both Cross ...
Documentation excerpt View supporting context
Context preview Snippet 3
... to XML export data, when combined with misconfigured guest user role, poses a significant risk of unauthorized data exposure. Enforce SOAP request strict security • Description ◦(Old‎ <blank> ◦(New‎ If "glide.soap.strict_security" is not set to the recommended value of "true", then users do not need a SOAP role to make requests of non-public pages when the high security or web service ...
Additional source link Another external reference for this property
Open reference