Campbell Scientific CR6 CR6 Measurement and Control System - Page 419
Authentication, 6.4.2 Command Syntax
View all Campbell Scientific CR6 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 419 highlights
Section 8. Operation use of the API commands with RTMC is available in CRBasic Editor Help, which is one of several programs available for PC to CR6 support (p. 89). 8.6.4.1 Authentication The CR6 passcode security scheme described in the Security (p. 87) section is not considered sufficiently robust for API use because, 1. the security code is plainly visible in the URI, so it can be compromised by eavesdropping or viewing the monitor. 2. the range of valid security codes is 1 to 65534, so the security code can be compromised by brute force attacks. Instead, Basic Access Authentication, which is implemented in the API, should be used with the CR6. Basic Access Authentication uses an encrypted user account file, .csipasswd, which is placed on the CPU: drive of the CR6. Four levels of access are available through Basic Access Authentication: • all access denied (Level 0) • all access allowed (Level 1) • set variables allowed (Level 2) • read-only access (Level 3) Multiple user accounts and security levels can be defined. .csipasswd is created and edited in the Device Configuration Utility (DevConfig) (p. 116) software Net Services tab, Edit .csipasswd File button. When in Datalogger .csipasswd File Editor dialog box, pressing Apply after entering user names and passwords encrypts .csipasswd and saves it to the CR6 CPU: drive. A check box is available to set the file as hidden. If hidden when saved, the file cannot be accessed for editing. If access to the CR6 web server is attempted without correct security credentials, the CR6 returns the error 401 Authorization Required. This error prompts the web browser or client to display a user name and password request dialog box. If .csipasswd is blank or does not exist, the user name defaults to anonymous with no password, and the security level defaults to read-only (default security level can be changed in DevConfig). If an invalid user name or password is entered in .csipasswd, the CR6 web server will default to the level of access assigned to anonymous. The security level associated with the user name anonymous, affects only API commands. For example, the API command SetValueEx will not function when the API security level is set to read-only, but the CRBasic parameter SetValue in the WebPageBegin() instruction will function. However, if .csipasswd sets a user name other than anonymous and sets a password, security will be active on API and CRBasic commands. For example, if a numeric security pass code is set in the CR6 Status table (see Security (p. 87) section), and .csipasswd does not exist, then the security code must be entered to use the CRBasic parameter SetValue. If .csipasswd does exist, a correct user name and password will override the security code. 8.6.4.2 Command Syntax API commands follow the syntax, ip_adr?command=CommandName¶meters/arguments 419