Jump to content

Recommended Posts

Posted

Hello,

 

I am building a custom UAC system for a client as the unitronics in built one isn't as per the customers needs. However, the one thing that is a slight issue is the use of a data table storing usernames and passwords, is there a way of making these not be viewable in the HMI back end/ is there a way of making the data in them non exportable. So the data in the table can never be seen in a human readable format.

 

Thanks

Posted

Hi JonathanS,

i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string.

Posted
12 hours ago, ORSO2001 said:

Hi JonathanS,

i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string.

Thanks for the help, I shall give this a try

Posted

If you mean to protect it in UniLogic (and not in the PLC), then you can password protect a table, just like protecting a function or a screen.

If you give the user the ability to enter the UniApps, or let him see the users table in an HMI Widget, then as ORSO2001, you should "encrypt" it. Websites doesn't store the password  when you register (or at least, most of them don't). Instead, they store a hash of your password (like SHA256 of the password).

The PLC does not support SHA256 hashing, but you can calculate CRC of it, so a user cannot get the password from the hash unless he uses a brute-force or has a password to hash dictionary. 

  • 2 weeks later...
Posted
On 7/25/2024 at 7:39 PM, ORSO2001 said:

Hi JonathanS,

i think that you can "encrypt" the password string...you can store the password in a buffer...than manage the buffer with the "encryption" ...store again the buffer in a string and save this in the table...at the end, to log in, insert the normal password, that will "encrypted" later then check if the string is present in the table...so...if someone will have access at the table in someway will have something that has to "decode" ...I think that this should be reasonabile if the needs is just "no human readable" string.

How do I "encrypt" the buffer? I have now finally got back onto this job. Thanks

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

This site uses cookies. By clicking I accept, you agree to their use.