SN System Properties Reference
Property reference

glide.xml.entity.whitelist

The glide.xml.entity.whitelist property specifies which system IDs are permitted for XML external validation. Administrators should review this setting to ensure only trusted sources are allowed, enhancing security during XML processing.

Default: http://java.sun.com/j2ee/dtds/ Type: string Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property defines a whitelist of system IDs that can be used for XML external validation, helping to prevent unauthorized access or data exposure.
What area does it affect? XML processing
What does the default mean? The default value is "http://java.sun.com/j2ee/dtds/", which is the baseline setting used unless it is changed.
When should you review it? Review this property when configuring XML validation settings or updating security protocols.

Out of the box property record

Raw metadata from the property record.

Property name glide.xml.entity.whitelist
Sys ID 88a1dbab55714074837f89b246df9387
Type string
Application Global
Default value http://java.sun.com/j2ee/dtds/
Description Control which systemID is allowable for XML external validation
Updated 2024-05-25 04:03:22

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... 1 Act Entity expansion should be disabled An attacker can leverage this to expand data exponentially, quickly consuming all system resources resulting in a Billion Laugh attack. Ensure the property "glide.xml.entity.whitelist" is set to "http:// java.sun.com/j2ee/ dtds/" and the property "glide.xml.entity.whitelist.enabl is set to "true". Documentation sn_SE10284 1 Act Openframe origin validation should be enabled Without proper origin validation, any webpage ...
Documentation excerpt View supporting context
Context preview Snippet 2
... allowed external entities when entity expansion is needed for customizations. If glide.stax.allow_entity_resolution is set to true, set glide.stax.whitelist_enabled to true and define a listing of comma- delimited FQDN in the glide.xml.entity.whitelist property. For more information, see Require XMLdoc2 entity validation with allowlist . • Type: true | false • Default: true • Location: System Property [sys_properties] table glide.sys.activity_using_audit_direct [Not Supported] Controls ...
Documentation excerpt View supporting context
Context preview Snippet 3
... product names, and logos may be trademarks of the respective companies with which they are associated. 253 Documentation Updates Restrict XML external entities • Description ◦(Old‎ <blank> ◦(New‎ Use the glide.xml.entity.whitelist.enabled and glide.xml.entity.whitelist system properties to prevent your instance from processing XML external entities from untrusted sources. XML external entity (XXE‎ attacks occur when a malicious actor modifies incoming XML to ...
Additional source link Another external reference for this property
Open reference