Jump to content

Recommended Posts

I have made an application with different user levels, which means a specific user can only access certain functions within the application.

 

Currently I have stored the user information (login-name, password, access rights) within a project-database, where the data are stored within the visilogic-project file and are read-only for the PLC. Unfortunately, it is possible to extract these data using Unitronics DataXport which would give everybody the ability to read all user datas and passwords at anytime.

 

Can anyone support me with either a way to protect the database itself, the data within the database (e.g. using some encryption) or point me to a different way how to handle these data? Any help is highly appreciated.

 

 

 

 

Share this post


Link to post
Share on other sites

Hello,

 

Do you mean that one will download DataXport from our website and access the data tables?

When using DataXport, you can define which data tables can be retreived. in this case you can define only the data tables which does not include the information you wish to secure.

Please note that you can block access to the PLC using SB314. whenever it is on no one will be able to access the PLC using both serial and Ethernet connection.

Share this post


Link to post
Share on other sites

Hello,

 

Do you mean that one will download DataXport from our website and access the data tables?

Yes, I think this might happen.

 

I have designed a system which will be sold to different companies who compete on the same market. Therefore I want to ensure that company A cannot get access to passwords of company B and vice versa.

 

 

 

> When using DataXport, you can define which data tables can be retreived. in this case you can define only the data tables which does not include the information you wish to secure.

> Please note that you can block access to the PLC using SB314. whenever it is on no one will be able to access the PLC using both serial and Ethernet connection.

 

Not sure about that.

 

I have designed the database as part of project. Nevertheless I can easily access the databases and read both structure and all values using DataXport. I didn't find any kind of protection. So, I believe anyone could simply download DataXport from the unitronics website, install it and get access to this database - or am I wrong?

Share this post


Link to post
Share on other sites

I guess the better option is to encrypt sensitive data such as password. This can be accomplished using math calculation in ladder when reading and writing from/to database. User may be able to see datatable but encrypted password.

Other way, would be using registers to save such information.

Share this post


Link to post
Share on other sites

I had the same thought. But I didn't want to invest too much time to develop a strong encryption routine... And as the customer can download the whole list of password and knows at least one correct password (his own), it might be an easy task to hack the least if it isn't a strong encryption.

 

But if I remember correctly then there is no way to access the string library, is it? So I think about storing the passwords in the string libray, e.g. place it from string 200 - 220. The I could use a MI as pointer to the password string, read the string to MIs and compare it with the data provided by the user. If password in string 210 matches then I would read the access rights from row 10 (210-200) of the database.

 

Does anyone know for sure whether the string library is really protected against external access or not? Of course this would be essential for my approach.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...