JonathanS Posted July 25 Report Posted July 25 Hello, I am building a custom UAC system for a client as the unitronics in built one isn't as per the customers needs. However, the one thing that is a slight issue is the use of a data table storing usernames and passwords, is there a way of making these not be viewable in the HMI back end/ is there a way of making the data in them non exportable. So the data in the table can never be seen in a human readable format. Thanks
ORSO2001 Posted July 25 Report Posted July 25 Hi JonathanS, i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string.
JonathanS Posted July 26 Author Report Posted July 26 12 hours ago, ORSO2001 said: Hi JonathanS, i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string. Thanks for the help, I shall give this a try
Saragani Posted July 28 Report Posted July 28 If you mean to protect it in UniLogic (and not in the PLC), then you can password protect a table, just like protecting a function or a screen. If you give the user the ability to enter the UniApps, or let him see the users table in an HMI Widget, then as ORSO2001, you should "encrypt" it. Websites doesn't store the password when you register (or at least, most of them don't). Instead, they store a hash of your password (like SHA256 of the password). The PLC does not support SHA256 hashing, but you can calculate CRC of it, so a user cannot get the password from the hash unless he uses a brute-force or has a password to hash dictionary.
JonathanS Posted August 7 Author Report Posted August 7 On 7/25/2024 at 7:39 PM, ORSO2001 said: Hi JonathanS, i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string. How do I "encrypt" the buffer? I have now finally got back onto this job. Thanks
ORSO2001 Posted August 8 Report Posted August 8 hi Jonathan, here a really simple example... From Pass to Code.ulpr
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now