Search

GlobalSCAPE Knowledge Base

Disallow (Shut Off) Basic Authentication for HTTPS

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.4.11 and later

DISCUSSION

EFT's web client uses form-based authentication. Basic auth is provided to remain compliant with RFC 7617. As added assurance that best practices are followed, EFT administrators can force use of HTTPS for all connections.

EFT v8.0 and later store Advanced Properties in a JSON file. When you upgrade from EFT v7.4.x to EFT v8, the non-default settings that you have defined in the registry will be added to the Advanced Properties file during upgrade. (Default settings become part of the EFT configuration files.) For a more on how to use advanced properties, and a spreadsheet of the advanced properties, please refer to the "Advanced Properties" topic in the help for your version of EFT.

You can disallow (shut off) basic authentication for HTTPS using the advanced property below. This advanced property was created to disable basic authentication, even though EFT does not use this for our Web Client or Web Services.

In version 8 and later, add the advanced property below to C:\ProgramData\Globalscape\EFT Server\AdvancedProperties.json:

{

"DisableHTTPBasicAuthentication":true

}

  • true disables basic authentication;
  • false enables basic authentication 

Prior to v8:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\

Type: BOOL

Value name: DisableHTTPBasicAuthentication

Values: Default = 0; 1 = disable basic authentication for HTTPS.

Restart Required: Yes

Details
Last Modified: 7 Months Ago
Last Modified By: kmarsh
Type: HOTFIX
Rated 3 stars based on 5 votes.
Article has been viewed 49K times.
Options
Also In This Category
Tags