Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]

Watch

Save as PDF

Share this page

Feedback

HomeYokohama Platform securityPlatform SecurityHardening settingsAccess controlDisable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]

Table of Contents

Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]

Release version:
Yokohama
Xanadu
Washington DC
Vancouver
UpdatedJan 30, 2025
1 minute read

Yokohama
Platform Security

Disable raw database query execution [Updated in Security Center 1.3 and removed in 2.0]

Control whether a user can perform raw SQL queries on the database.

The glide.db.allow_unsafe_dbi_execute_sql property enables users to perform raw SQL queries on the database, which can give access to tables and data outside of GlideRecord restrictions. If this property is not set to the recommended value of false, this allows for the calling of dbi.executeStatement() from a Glide Scriptable which can lead to malicious SQL statements being executed.

Warning: This property is both safe and no db override.

More information

Search:


Attribute	Description
Configuration name	glide.db.allow_unsafe_dbi_execute_sql
Configuration type	System Properties (/sys_properties_list.do)
Data type	boolean
Recommended value	false
Default value	false
Category	Access control
Security risk	Severity score: 7.2 CVSS score: High Security risk details: Not setting this property to false enables calling of dbi.executeStatement() from a Glide Scriptable.
Dependencies and prerequisites	None
References	Access Control List Rules

Yokohama Platform security

Filters

Versions

Products