When you activate the High Security plugin, it creates or updates hundreds of different configurations to control the level of security on your instance. These configurations mitigate many of the top OWASP attacks by enabling strict access control, input validation, and output encoding.

These configurations include:
  • Access Control
  • Business rules
  • System properties
  • UI policy action
  • script actions
  • script includes

Example

Refer to the examples for the following properties:

PropertyTopic
glide.ui.escape_all_script Escape Jelly
glide.security.strict.actions Check UI action before execution
glide.security.csrf_previous.allow Anti-CSRF token
glide.security.csrf.strict.validation.mode CSRF strict validation

More information

AttributeDescription
Plugin Name com.glide.high_security
Configuration type System Definition > Plugins - Development
Purpose It is mandatory to activate this plugin. It increases the security level of an instance, which reduces the attack surface by mitigating owasp top 10 attacks, including CSRF, XSS, Securing Session Cookies, and File uploads.
Recommended value Active
Functional ImpactThis plugin enables several system security configurations, which may impact UI and functionality as well.
Security risk (High) Many security configurations are unintentionally left open, which may open the door for some of the critical vulnerabilities.
References

Activating High Security Settings

High Security Settings

To learn more about activating a plugin, see Activate a plugin.