Campbell Scientific CR6 CR6 Measurement and Control System - Page 419



Section 8. Operation

use of the API commands with RTMC is available in CRBasic Editor Help, which is one of several programs available for PC to CR6 support (p. 89).

8.6.4.1 Authentication

The CR6 passcode security scheme described in the Security (p. 87) section is not considered sufficiently robust for API use because:

1. The security code is plainly visible in the URI, so it can be compromised by eavesdropping or viewing the monitor.
2. The range of valid security codes is 1 to 65534, so the security code can be compromised by brute force attacks.

Instead, Basic Access Authentication, which is implemented in the API, should be used with the CR6.

Basic Access Authentication uses an encrypted user account file, .csipasswd, which is placed on the CPU: drive of the CR6. Four levels of access are available through Basic Access Authentication:

• all access denied (Level 0)
• all access allowed (Level 1)
• set variables allowed (Level 2)
• read-only access (Level 3)

Multiple user accounts and security levels can be defined. .csipasswd is created and edited in the Device Configuration Utility (DevConfig) (p. 116) software Net Services tab, Edit .csipasswd File button. When in the Datalogger .csipasswd File Editor dialog box, pressing Apply after entering user names and passwords encrypts .csipasswd and saves it to the CR6 CPU: drive. A check box is available to set the file as hidden. If hidden when saved, the file cannot be accessed for editing.

If access to the CR6 web server is attempted without correct security credentials, the CR6 returns the error 401 Authorization Required. This error prompts the web browser or client to display a user name and password request dialog box. If .csipasswd is blank or does not exist, the user name defaults to anonymous with no password, and the security level defaults to read-only (default security level can be changed in DevConfig). If an invalid user name or password is entered in .csipasswd, the CR6 web server will default to the level of access assigned to anonymous.

The security level associated with the user name anonymous affects only API commands. For example, the API command SetValueEx will not function when the API security level is set to read-only, but the CRBasic parameter SetValue in the WebPageBegin() instruction will function. However, if .csipasswd sets a user name other than anonymous and sets a password, security will be active on API and CRBasic commands. For example, if a numeric security pass code is set in the CR6 Status table (see Security (p. 87) section), and .csipasswd does not exist, then the security code must be entered to use the CRBasic parameter SetValue. If .csipasswd does exist, a correct user name and password will override the security code.

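The access rules above can be checked before a configuration is deployed. The following is an added example, not Campbell Scientific code: it models .csipasswd as a dictionary and the anonymous level as a parameter, and shows how the fallback to anonymous behaves when the default level is raised in DevConfig. The function names, capability labels and sample accounts are assumptions made for this sketch, as is the mapping of a refused request to status 401.

```python
import hmac

# Capabilities per access level as listed in 8.6.4.1. The capability
# names are labels chosen for this example, not CR6 identifiers.
CAPS = {
    0: frozenset(),                          # all access denied
    1: frozenset({"read", "set", "other"}),  # all access allowed
    2: frozenset({"read", "set"}),           # set variables allowed
    3: frozenset({"read"}),                  # read-only access
}

def effective_level(accounts, anon_level, user=None, password=None):
    """accounts models .csipasswd as {user: (password, level)}."""
    entry = accounts.get(user)
    if entry and hmac.compare_digest(entry[0].encode(), (password or "").encode()):
        return entry[1]
    # Missing file, unknown user or wrong password: anonymous level applies.
    return anon_level

def respond(accounts, anon_level, needs, user=None, password=None):
    """HTTP status for an API command that needs capability `needs`."""
    level = effective_level(accounts, anon_level, user, password)
    return 200 if needs in CAPS[level] else 401

def audit(accounts, anon_level):
    """Defender's check of a planned configuration."""
    findings = []
    if "set" in CAPS[anon_level]:
        findings.append("anonymous level allows writes: failed logins can still set variables")
    if not accounts:
        findings.append("no named accounts: every client is treated as anonymous")
    for user, (_, level) in sorted(accounts.items()):
        if level == 1:
            findings.append(f"{user}: all access allowed; confirm it needs more than level 2")
    return findings

# Constructed sample accounts (not from the manual).
SAMPLE = {"tech": ("S3nsor-Field!", 2), "viewer": ("look-only", 3)}

if __name__ == "__main__":
    # A SetValueEx-style write with a wrong password for "tech":
    print(respond(SAMPLE, 3, "set", "tech", "wrong"))  # anonymous left at read-only
    print(respond(SAMPLE, 1, "set", "tech", "wrong"))  # anonymous raised to level 1
    print(audit(SAMPLE, 1))
```

Leaving the anonymous level at read-only or lower keeps a failed login from inheriting write access in this model.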
8.6.4.2 Command Syntax

API commands follow the syntax,

ip_adr?command=CommandName&parameters/arguments