Password for StateWORKS runtime systems (RTDB)
Password
Today almost all computers are in networks, including many of the computers running RTDB based applications. To increase security, we have introduced a password for accessing the RTDB.
The RTDB can be given a password. The password is stored in the RTDB and used to check any RTDB client which tries to connect to the RTDB TCP/IP server.
In any case, the RTDB expects that the first message received from the client will be the password. If the password is correct, the link to the client is enabled and the client can access RTDB objects; otherwise the link is disconnected. If the RTDB does not have a password, the password sent is treated as a dummy value and the client connects without any checking.
The concept and implementation of the password in the StateWORKS run-time system guarantees security in cases where it is needed. In all situations where the password would be dispensable, it can simply be ignored when starting the application. For instance, SWLab has no password protection, as there is no sense in complicating our life while testing the system.
Setting Password in RTDB (run-time system)
To set the password in the RTDB, the developer of the RTDB based application has to use the StartTCPIPCommunication() function, which has two parameters: the TCP/IP port number and the password. Thus, the dialog on start of the application may have the form as shown below:
In this example (taken from the Standard run-time system) the operator defined a password Abc123. Only clients which connect to the RTDB with that password will get access.
The RTDB does not have any limit on the password string: any length and any writable characters will do. When programming the application, a programmer may define a limit on the string passed to the function StartTCPIPCommunication(). For instance, the Standard Executor limits the length to 2048 characters.
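The first-message check and the length limit described above can be modelled as a small state machine. This is an added example, not StateWORKS code: the Link class, LinkState, the constant-time comparison and rejecting an over-long password with an exception are assumptions; only the password Abc123 and the 2048-character limit come from the text.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical model of one client link on the server side; not a StateWORKS class.
enum class LinkState { AwaitingPassword, Enabled, Disconnected };

// Compare without stopping at the first mismatch, so the timing does not show
// how many leading characters were right (a hardening assumption).
bool constantTimeEquals(const std::string& msg, const std::string& secret) {
    unsigned diff = (msg.size() == secret.size()) ? 0u : 1u;
    for (std::size_t i = 0; i < msg.size(); ++i) {
        unsigned char other = (i < secret.size()) ? static_cast<unsigned char>(secret[i]) : 0;
        diff |= static_cast<unsigned char>(msg[i]) ^ other;
    }
    return diff == 0;
}

class Link {
public:
    // Limit the text cites for the Standard Executor; enforced when the server starts.
    static constexpr std::size_t kMaxPassword = 2048;

    explicit Link(std::string serverPassword) : password_(std::move(serverPassword)) {
        if (password_.size() > kMaxPassword) throw std::length_error("password too long");
    }

    // The first message is always consumed as the password. An empty server
    // password means "unguarded": whatever the client sent is a dummy value.
    LinkState onMessage(const std::string& msg) {
        if (state_ == LinkState::AwaitingPassword) {
            bool ok = password_.empty() || constantTimeEquals(msg, password_);
            state_ = ok ? LinkState::Enabled : LinkState::Disconnected;
        }
        return state_;  // a disconnected link stays disconnected
    }
    LinkState state() const { return state_; }

private:
    std::string password_;
    LinkState state_ = LinkState::AwaitingPassword;
};

int main() {
    Link link("Abc123");  // password from the example in the text
    return link.onMessage("Abc123") == LinkState::Enabled ? 0 : 1;
}
```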
Giving Password in RTDB clients (monitors, user interface)
The client which connects to the RTDB must send the password as the first message. The password has to be sent using the Poke() method of the tTcpipClient library with the following parameters:
where the second variable Password is a string representing the password.
The implementation of the password request is left to the developer. For instance, in the new version of SWMon the TCP/IP address dialog window has received a new edit window Password (see Figure 1). A similar edit window has been added to the monitor SWQuick.
Figure 1: TCP/IP address dialog window of the SWMon
On connecting the monitor SWTerm to the RTDB, the set command with the password has to follow the connect one, i.e. something like this has to be used:
The set password command should always follow the connect command on starting SWTerm, even if we know that the RTDB is not guarded by a password (in that case with a dummy password value). For SWTerm the password characters are not replaced (hidden) by asterisks (*).
Compatibility
If the password is not used, new RTDB based applications will work with old RTDB clients. For instance, we may still connect the Turing machine model (SWTuring program) to the application which uses the new RTDB and runs the T_TwoComplement.swd configuration if the application does not use a password. If a password is used, old clients must not try to connect to such an RTDB based application: of course the client will not be able to connect to the RTDB, but its behavior will be unpredictable. We must not try to connect new monitors to the old RTDB. Thus, do not connect:
- new monitors with old RTDB
- old monitors with new RTDB guarded with password
As there is no need to mix the old and new monitors and RTDB based applications we recommend avoiding such solutions.
The article was originally written in March 2007.