THE INFORMATION IN THIS ARTICLE APPLIES TO:
EFT's web client uses form-based authentication. Basic auth is provided to remain compliant with RFC 7617. As added assurance that best practices are followed, EFT administrators can force use of HTTPS for all connections.
In EFT v8.0, all registry settings were moved to AdvancedProperties.json. For information about Advanced Properties, refer to the online help for your version of EFT.
You can disallow (shut off) basic authentication for HTTPS using the advanced property below. This advanced property was created to disable basic authentication, even though EFT does not use this for our Web Client or Web Services.
In version 8 and later, add the advanced property below to C:\ProgramData\Globalscape\EFT Server\AdvancedProperties.json:
true disables basic authentication; false enables basic authentication
Prior to v8:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\
Value name: DisableHTTPBasicAuthentication
Values: Default = 0; 1 = disable basic authentication for HTTPS.
Restart Required: Yes