When you activate the High Security plugin, it creates or updates hundreds of different configurations to control the level of security on your instance. These configurations mitigate many of the top OWASP attacks by enabling strict access control, input validation, and output encoding.

These configurations include:
  • Access Control
  • Business rules
  • System properties
  • UI policy action
  • script actions
  • script includes

Example

Refer to the examples for the following properties:

PropertyTopic
glide.ui.escape_all_script Escape jelly script [Updated in Security Center 1.3 and 1.5]
glide.security.strict.actions Check UI action conditions before execution
glide.security.csrf_previous.allow Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0]
glide.security.csrf.strict.validation.mode Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5]

More information

AttributeDescription
Plugin Name com.glide.high_security
Configuration type System Definition > Plugins - Development
Category Access control
Purpose It is mandatory to activate this plugin. It increases the security level of an instance, which reduces the attack surface by mitigating owasp top 10 attacks, including CSRF, XSS, Securing Session Cookies, and File uploads.
Recommended value Active
Security risk rating 9.8
Functional impact This plugin enables several system security configurations, which may impact UI and functionality as well.
Security risk (High) Many security configurations are unintentionally left open, which may open the door for some of the critical vulnerabilities.
References

Activating High Security Settings

High Security Settings

To learn more about activating a plugin, see Activate a plugin