FMD88-10 Username -Password and Access Level

[Philippe Parmentier]

Hello Everyone,

I got a question about theses settings in the FServer.

I can only set one username and password with one access level.

If I set a username and password with level 3 Guest acces  that I give to a customer for 'monitoring' the PLC, I should not be able to log as level 1 as administator for troubleshoooting and uploding updates?

The only way to bypass this is to set the Sw 3 then?

Is there also a way to protect from using this sw3? To avoid 'hackers' to try to steal the logic and having access to the local relays, timers, counters and so, even if the code will not be accessible?

[support]

Only someone with physical access to the PLC can set SW3 to bypass the password. Are you worried that a "hacker" can actually physically turn on DIP switch #3? Then you probably shouldn't be giving him the password at whatever level.

Also someone with physical access to the PLC can connect to the PLC via TLServer and RS232 port, which does not make use of the FServer password settings.

The best solution is probably to lock up your PLC inside a safe room  

[Philippe Parmentier]

That would be the best in my dream, but as far as we are selling the machine, nothing is really preventing to the customer a physical access and let competitors doing reverse ing.

The fact of using Load_eep to use a non Modbus accessible memory is already a step, Encrypting this memory before transmitting into the DM variable is also a way.

Unless dismounting the switch or hard wiring the switch. or diving the plc in resine....

[support]

We need to emphasize that even if you can access the PLC with programmer privilege via either the Ethernet port or the serial port, there is no way to upload the program inside the PLC back to the PC. Only the data (DM, A to Z, etc) and the I/Os are accessible by the user and it will not be easy to reverse engineer your program based on access to these variables. Even if you setup the machine for just guest access the guest by definition will be able to read the data from within the PLC.