Creating a .csipasswd file
The data logger employs a security code scheme that includes three levels of security (see Data logger security for more information). This scheme can be used to limit access to a data logger that is publicly available. However, the security codes are visible in Device Configuration Utility. In addition, the range of codes is relatively small. To provide a more robust means of security, Basic access authentication was implemented with the HTTP API interface in the form of an encrypted password file named .csipasswd. Read/write access to the web interface requires a .csipasswd file. The web interface provides access to real-time and stored data logger data. For more information on the web interface, watch an instructional video.
Ethernet over USB (RNDIS) is considered a direct communications connection. Therefore, it is a trusted connection and csipasswd does not apply.
When a file named .csipasswd is stored on the data logger CPU drive, basic access authentication is enabled in the data logger and read/write access to the web interface can be defined. Multiple user accounts with differing levels of access can be defined for one data logger. Four levels of access are available:
- None: Disable a user account.
- Read Only: Data collection is unrestricted. Clock and writable variables cannot be changed. Programs cannot be viewed, stopped, deleted, or retrieved.
- Read/Write: Data collection is unrestricted. Clock and writable variables can be changed. Programs cannot be viewed, stopped, deleted, or retrieved.
- All: Data collection is unrestricted. Clock and writable variables can be changed. Programs can be viewed, stopped, deleted and retrieved.
All levels of access allow data collection.
Create an encrypted password file or modify an existing password file using Device Configuration Utility:
1. Connect to your device in Device Configuration Utility.
2. Click the Network Services tab, then the Edit .csipasswd File button.
3. Define user accounts and access levels.
4. Click Apply. The .csipasswd file is automatically saved to the data logger CPU drive.
When a .csipasswd file is used, the PakBus/TCP Password security setting is not used when accessing the data logger via HTTP. If the .csipasswd file is blank or does not exist, the default user name is "anonymous" with no password and a user level of read only.
When access to the data logger web server is attempted without the appropriate security level, the data logger will prompt the web client to display a username and password request dialog. If an invalid username or password is entered, the data logger web server will default to the level of access assigned to “anonymous”. As noted previously, anonymous is assigned a user level of read-only, though this can be changed using Device Configuration Utility.
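The fallback described above means a failed login is downgraded to the anonymous level rather than refused, so the anonymous level is what every unauthenticated client gets. The following added example (not Campbell Scientific code) models that decision so an account plan can be reviewed before it is applied; the account dictionary, the operation names, the treatment of a None account as falling back to anonymous, and the read-only default when no anonymous entry is defined are assumptions of this sketch.

```python
import hmac
from enum import IntEnum

class Level(IntEnum):
    NONE = 0        # account disabled
    READ_ONLY = 1
    READ_WRITE = 2
    ALL = 3

# Minimum level per operation, taken from the access-level list on this page.
# Assumption: a None-level account is disabled and grants nothing.
REQUIRED = {
    "collect_data": Level.READ_ONLY,
    "set_clock": Level.READ_WRITE,
    "set_variable": Level.READ_WRITE,
    "view_program": Level.ALL,
    "stop_program": Level.ALL,
    "delete_program": Level.ALL,
    "retrieve_program": Level.ALL,
}

# Blank or missing .csipasswd: "anonymous", no password, read only.
DEFAULT_ANONYMOUS = ("", Level.READ_ONLY)

def effective_level(accounts, user=None, password=""):
    """Level a request ends up with; accounts maps name -> (password, Level)."""
    anon = accounts.get("anonymous", DEFAULT_ANONYMOUS)[1]
    entry = accounts.get(user)
    if entry is None or entry[1] == Level.NONE:
        return anon                      # unknown or disabled user
    if not hmac.compare_digest(entry[0].encode(), password.encode()):
        return anon                      # wrong password falls back, not denied
    return entry[1]

def allowed(level, operation):
    return level >= REQUIRED[operation]

def unauthenticated_exposure(accounts):
    """Operations any client can perform without valid credentials."""
    level = effective_level(accounts)
    return sorted(op for op in REQUIRED if allowed(level, op))

# Constructed sample plan, not a real .csipasswd (that file is encrypted).
SAMPLE = {
    "anonymous": ("", Level.READ_WRITE),   # anonymous raised above the default
    "tech": ("constructed-pw", Level.ALL),
    "former": ("old-pw", Level.NONE),
}
```

Running `unauthenticated_exposure` on a planned account set shows at a glance whether raising the anonymous level has opened clock or variable changes to anyone who can reach the web server.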
If the numeric security code has been enabled, and no .csipasswd file is on the data logger, then that numeric security code must be entered to access the data logger. If a .csipasswd file is on the data logger, the username and password employed by the basic access authentication will eliminate the need for entering the numeric security code.
Syntax for the commands sent to the web server generally follows the form of:
Arguments are appended to the command string using an ampersand (&). Some commands have optional arguments, where omitting the argument results in a default being used. When applicable, optional arguments and their defaults are noted and examples are provided in the CRBasic help (search Web Server/API Commands).