Enable AJAXGlideRecord ACL checking

This issue is found automatically by CODA.
Time to fix: 30min

What is this glide property used for?

To understand the importance of the glide.script.secure.ajaxgliderecord property in ServiceNow, it is essential to familiarize yourself with three key concepts:

  1. GlideAjax: GlideAjax is a JavaScript class in ServiceNow that facilitates asynchronous communication between client-side scripts and server-side scripts. It allows developers to make AJAX requests to the server without refreshing the entire page.

  2. GlideRecord: GlideRecord is a powerful API in ServiceNow used for database operations, such as querying, updating, inserting, and deleting records. It gives scripts a way to interact with database tables.

  3. Security Rules and ACLs: ServiceNow uses security rules and ACLs (Access Control Lists) to control access and define permissions for tables and their associated records. These rules help enforce data security and protect sensitive information.

With this in mind, setting the glide.script.secure.ajaxgliderecord property to true in ServiceNow ensures that secure access is enforced for GlideRecords accessed via GlideAjax requests. In simpler terms, it means that the client-side script making AJAX requests to retrieve or modify GlideRecord data must comply with the security rules and Access Control Lists (ACLs) defined for the corresponding table.

Why is this an issue?

Setting the glide.script.secure.ajaxgliderecord property to false can lead to the following problems:

  • Security Vulnerabilities: When the property is set to false, secure access enforcement is bypassed for GlideRecords accessed via GlideAjax requests. This can allow unauthorized or malicious client-side scripts to act on sensitive data, leading to security vulnerabilities and data breaches.

  • Violation of Access Controls: With enforcement disabled, access controls can be violated: unauthorized users may read, modify, or delete data that they should not have access to, compromising data confidentiality and integrity.

  • Non-compliance with Security Policies: ServiceNow instances often implement strict security policies and compliance standards to protect sensitive information. Disabling the secure access enforcement with the property set to false can lead to non-compliance with these policies, potentially resulting in audit failures and regulatory issues.

How do I fix it?

Before setting the glide.script.secure.ajaxgliderecord property to true, it's worth noting that enabling secure access may impact performance due to the additional security checks performed for each AJAX request.

Follow these steps to set this property to true:

  1. In the Filter Navigator, type and enter sys_properties.list.

  2. Search for glide.script.secure.ajaxgliderecord.

  3. Set the Value to true.
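
One way to verify the setting across several instances after the change, as an added example that is not part of the original page: the script classifies the JSON returned by a Table API query on sys_properties for this property. The responses and instance names are constructed, and accepting "true" regardless of case or surrounding whitespace is an assumption.

```javascript
// Added example: audit Table API results for glide.script.secure.ajaxgliderecord.
const PROPERTY = 'glide.script.secure.ajaxgliderecord';

// Classify one parsed Table API response body for the property.
// 'enforced' : every matching record is "true"
// 'disabled' : at least one matching record is "false"
// 'missing'  : no record for the property was returned
// 'review'   : a value that is neither "true" nor "false" (empty, typo, ...)
function classify(body) {
  const rows = (body && Array.isArray(body.result) ? body.result : [])
    .filter((r) => r && r.name === PROPERTY);
  if (rows.length === 0) return 'missing';
  // Assumption: compare case-insensitively and ignore surrounding whitespace.
  const values = rows.map((r) =>
    String(r.value == null ? '' : r.value).trim().toLowerCase());
  if (values.some((v) => v === 'false')) return 'disabled';
  if (values.every((v) => v === 'true')) return 'enforced';
  return 'review';
}

// Constructed sample responses keyed by hypothetical instance names.
const SAMPLES = {
  'dev.example': { result: [{ name: PROPERTY, value: 'true' }] },
  'test.example': { result: [{ name: PROPERTY, value: 'false' }] },
  'uat.example': { result: [] },
  'prod.example': {
    result: [
      { name: PROPERTY, value: ' True ' },
      { name: PROPERTY, value: '' }, // duplicate record with an empty value
    ],
  },
};

// Return only the instances that still need attention.
function audit(samples) {
  const findings = [];
  for (const [instance, body] of Object.entries(samples)) {
    const status = classify(body);
    if (status !== 'enforced') findings.push({ instance, status });
  }
  return findings;
}

console.log(audit(SAMPLES));
```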