General security settings properties

Security settings provides several properties to control the level of security on your instance.

Table 1. General security settings
Property Description Default
Escaping and embedded script support
glide.ui.security.allow_codetag Allow support for embedding HTML code by using the [code] tag. True
glide.ui.security.codetag.allow_script Allow embedded HTML (using [code] tags) to contain Javascript tags
glide.ui.escape_all_script Forces all expressions within Jelly <script> tags to be escaped by default.
Attachment Limits and Behavior
com.glide.attachment.max_size Maximum file attachment size in megabytes:
glide.attachment.role List of roles (comma-separated) that can create attachments:
glide.attachment.extensions List of file extensions (comma-separated) that can be attached to documents via the attachment dialog. Extensions should not include the dot (.) e.g. xls,xlsx,doc,docx. Leave blank to allow all extensions.
glide.ui.strict_customer_uploaded_static_content When set to 'true' turns on the ability to restrict the types of files that can be download, when they have been uploaded using the Upload File functionality of the platform. Used in conjunction with glide.ui.strict_customer_uploaded_content_types.
glide.ui.strict_customer_uploaded_content_types When the glide.ui.strict_customer_uploaded_static_content_types parameter includes a list of comma delimited files. These will be the only file types that can be downloaded as static content from an instance.
glide.ui.attachment.force_download_all_mime_types Forces download of all attachment files.
glide.security.file.mime_type.validation This property must be set to activate MIME type checking for uploads (All version Eureka and up). Enables (true) or disables (false) mime type validation for file attachments. File extensions configured via glide.attachment.extensions will be checked for MIME type during upload.
Security Manager and Options
glide.security.manager Security Manager
glide.sm.default_mode Security manager default behavior in the absence of any ACLs on a table
glide.security.strict.updates Double check security on inbound transactions during form submission (rights are always checked on form generation)
glide.security.strict.actions Check conditions on UI actions before execution, normally the conditions are only checked during form rendering
glide.security.granular.create Enforce create (as opposed to write) rules on new records.
glide.security.explain.write.locks Display an explanation on locked form elements.
Cookies
glide.ui.forgetme Remove "Remember me" checkbox from login page.
glide.ui.secure_cookies Enable secure session cookies: Enable additional cookie security. If checked, strict session cookie validation is enforced. With version 3 cookies enabled, additional security requirements are also enforced.
glide.secure_cookie.debug Secure session cookie debugging: Check to enable extensive debug logging of secure session cookie operations.
Security restrictions for execution of scripts originating from the client
glide.script.use.sandbox Run client generated scripts (AJAXEvaluate and query conditions) inside of a reduced rights "sandbox". If enabled, only those business rules and script includes with the "Client callable" checkbox set to true are available and certain back-end API calls are disallowed.
glide.script.allow.ajaxevaluate Enable the AJAXEvaluate processor
glide.script.secure.ajaxgliderecord Apply standard security ACLs to AJAXGlideRecord calls True for new instances and upgrades. If true, this property cannot be changed to false.
Miscellaneous
com.glide.communications.trustmanager_trust_all By default, the instance trusts a certificate's Certificate Authority (CA). This ensures the instance accepts self-issued certificates. If you want to validate a certificate's CA, set the system property to false.
glide.outbound.sslv3.disabled When active, outbound connections from an instance will be forced to use TLS instead of SSL.