Creating a .csipasswd file

The data logger employs a security code scheme that includes three levels of security (see Data logger security for more information). This scheme can be used to limit access to a data logger that is publicly available. However, the security codes are visible in Device Configuration Utility. In addition, the range of codes is relatively small. To provide a more robust means of security, basic access authentication was implemented with the HTTP API interface in the form of an encrypted password file named .csipasswd. See the CRBasic Editor help for information about the data logger web server and API commands: https://help.campbellsci.com/crbasic/cr300/#Info/webserverapicommands1.htm.

NOTE:

Ethernet over USB (RNDIS) is considered a direct communications connection. Therefore, it is a trusted connection and Administrator privileges are automatically granted for all functionality (csipasswd does not apply).

When a file named .csipasswd is stored on the data logger CPU drive, basic access authentication is enabled in the data logger and read/write access to the web interface can be defined. Multiple user accounts with differing levels of access can be defined for one data logger. Four levels of access are available:

  • None: Disable a user account.

  • Read Only: Data collection is unrestricted. Clock and writable variables cannot be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • Read/Write: Data collection is unrestricted. Clock and writable variables can be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • All (Administrator): Data collection is unrestricted. Clock, writable variables, and settings can be changed. Programs can be viewed, stopped, deleted, and retrieved. Hidden tables can be viewed. Files, including programs, can be sent to the data logger.

NOTE:

All levels of access allow data collection.

Create an encrypted password file or modify an existing password file using Device Configuration Utility:

  1. Connect to your device in Device Configuration Utility.

  2. Click the Network Services tab, then the Edit .csipasswd File button.

  3. Define user accounts and access levels.

  4. Click Apply. The .csipasswd file is automatically saved to the data logger CPU drive.

When a .csipasswd file is used, the PakBus/TCP Password security setting is not used when accessing the data logger via HTTP. If the .csipasswd file is blank or does not exist, the default user name is "anonymous" with no password and a user level of read only.

When access to the data logger web interface is attempted without the appropriate security level, the data logger will prompt for a username and password. If an invalid username or password is entered, the data logger will default to the level of access assigned to “anonymous”. As noted previously, anonymous is assigned a user level of read-only, though this can be changed using Device Configuration Utility.

If the numeric security code has been enabled, and no .csipasswd file is on the data logger, then that numeric security code must be entered to access the data logger. If a .csipasswd file is on the data logger, the username and password employed by the basic access authentication will eliminate the need for entering the numeric security code.
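
The fallback rules above determine what an unauthenticated or mistyped login can still do, so it helps to model them when reviewing an account list. The following Python sketch is an added example, not Campbell Scientific code: the `Level` enum, the function names and the sample accounts are constructed, the encrypted on-disk format and the numeric security code are not modelled, and treating a disabled (None) account like invalid credentials is an assumption.

```python
import hmac
from enum import IntEnum

class Level(IntEnum):
    NONE = 0        # account disabled
    READ_ONLY = 1
    READ_WRITE = 2
    ALL = 3         # Administrator

# Constructed sample accounts: name -> (password, level). The real file is
# stored encrypted; its on-disk format is not modelled here.
SAMPLE_ACCOUNTS = {
    "admin": ("constructed-admin-pw", Level.ALL),
    "viewer": ("constructed-view-pw", Level.READ_ONLY),
    "retired": ("constructed-old-pw", Level.NONE),
}

def effective_level(accounts, user=None, password=None, rndis=False):
    """Access level an HTTP request ends up with under the rules on this page."""
    if rndis:
        # Ethernet over USB is a trusted connection; .csipasswd does not apply.
        return Level.ALL
    table = dict(accounts or {})
    # Blank or missing file: "anonymous", no password, read only.
    table.setdefault("anonymous", ("", Level.READ_ONLY))
    entry = table.get(user)
    if entry is not None and entry[1] != Level.NONE and hmac.compare_digest(
            entry[0].encode(), (password or "").encode()):
        return entry[1]
    # Invalid user name or password: fall back to the "anonymous" level.
    # Assumption: a disabled (None) account is treated the same way.
    return table["anonymous"][1]

def failed_login_exposure(accounts):
    """Level granted to anyone who supplies wrong credentials."""
    return effective_level(accounts, "no-such-user", "wrong")

if __name__ == "__main__":
    raised = dict(SAMPLE_ACCOUNTS, anonymous=("", Level.READ_WRITE))
    for name, accts in (("no file", None), ("sample", SAMPLE_ACCOUNTS),
                        ("anonymous raised", raised)):
        print(f"{name}: failed login gets {failed_login_exposure(accts).name}")
```

The "anonymous raised" case shows why the level assigned to anonymous matters: every failed login inherits it.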