Bisku Posted July 13, 2016 Report Share Posted July 13, 2016 I have made an application with different user levels, which means a specific user can only access certain functions within the application. Currently I have stored the user information (login-name, password, access rights) within a project-database, where the data are stored within the visilogic-project file and are read-only for the PLC. Unfortunately, it is possible to extract these data using Unitronics DataXport which would give everybody the ability to read all user datas and passwords at anytime. Can anyone support me with either a way to protect the database itself, the data within the database (e.g. using some encryption) or point me to a different way how to handle these data? Any help is highly appreciated. Link to comment Share on other sites More sharing options...
Ofir Posted July 13, 2016 Report Share Posted July 13, 2016 Hello, Do you mean that one will download DataXport from our website and access the data tables? When using DataXport, you can define which data tables can be retreived. in this case you can define only the data tables which does not include the information you wish to secure. Please note that you can block access to the PLC using SB314. whenever it is on no one will be able to access the PLC using both serial and Ethernet connection. Link to comment Share on other sites More sharing options...
Bisku Posted July 13, 2016 Author Report Share Posted July 13, 2016 Hello, Do you mean that one will download DataXport from our website and access the data tables? Yes, I think this might happen. I have designed a system which will be sold to different companies who compete on the same market. Therefore I want to ensure that company A cannot get access to passwords of company B and vice versa. > When using DataXport, you can define which data tables can be retreived. in this case you can define only the data tables which does not include the information you wish to secure. > Please note that you can block access to the PLC using SB314. whenever it is on no one will be able to access the PLC using both serial and Ethernet connection. Not sure about that. I have designed the database as part of project. Nevertheless I can easily access the databases and read both structure and all values using DataXport. I didn't find any kind of protection. So, I believe anyone could simply download DataXport from the unitronics website, install it and get access to this database - or am I wrong? Link to comment Share on other sites More sharing options...
Gabriel Franco Posted July 13, 2016 Report Share Posted July 13, 2016 I guess the better option is to encrypt sensitive data such as password. This can be accomplished using math calculation in ladder when reading and writing from/to database. User may be able to see datatable but encrypted password. Other way, would be using registers to save such information. Link to comment Share on other sites More sharing options...
Bisku Posted July 16, 2016 Author Report Share Posted July 16, 2016 I had the same thought. But I didn't want to invest too much time to develop a strong encryption routine... And as the customer can download the whole list of password and knows at least one correct password (his own), it might be an easy task to hack the least if it isn't a strong encryption. But if I remember correctly then there is no way to access the string library, is it? So I think about storing the passwords in the string libray, e.g. place it from string 200 - 220. The I could use a MI as pointer to the password string, read the string to MIs and compare it with the data provided by the user. If password in string 210 matches then I would read the access rights from row 10 (210-200) of the database. Does anyone know for sure whether the string library is really protected against external access or not? Of course this would be essential for my approach. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now