suggestions for enhancements to webcontrol (not 32)

[rossw]

Another request!
 
I'm sure I'm not the only one who has written commercial applications for the WC8 (and will do so for the WC32), who has a reasonable amount "invested" in the intellectual property. It means when we send the board out at the moment, it has to be locked down with ACLs, passwords etc - the user can't see or do anything "directly" because otherwise we HAVE NO OPTION but to expose our code.
 
Even if they cannot "understand" it, there is nothing to stop them "copying it" into another board.
 
I would like to see two extra configuration options.
1. "Code protect". This would be a simple checkbox in the configuration area. The user could uncheck the box, but when it gets written back, the code currently stored would be cleared.
2. "Configuration protect". Here we could enable/disable the webset and email (notifications). Again, if the user unchecks the box, it would wipe the settings.
 
I realise nothing will truly protect the code - someone really determined will open the chip etc, but all I want to do is stop the "average" and "reasonably capable" class. Hard-core, determined industrial pirates will do whatever it takes (but usually only worth it for high-value product).

 

[CAI_Support]

Thanks for your suggestion.  We do understand the need for copy protection. 
Would be all the configuration need to be protected, or only PLC program need to protect?  Do you need remotely access the board once you loaded your code, or you only load the code in your place before sending them out?
 
Certain configuration, like network configuration should be viewable and editable by your end users.
 
We need to think how to best handle this.

 

[az1324]

You could have two passwords. The master password can access all the pages. The user password can access only approved pages. Then you could have an admin page with options to allow access to a subset of pages.

 

[rossw]

Thanks for your suggestion.  We do understand the need for copy protection. 
Would be all the configuration need to be protected, or only PLC program need to protect?  Do you need remotely access the board once you loaded your code, or you only load the code in your place before sending them out?
 
Certain configuration, like network configuration should be viewable and editable by your end users.
 
We need to think how to best handle this.

 
In my particular case, I'd like to be able to simply DISABLE the ability of the board to send its running program.
I still want to be able to log into it remotely, and to upload new code to it (replacing what is there already).
In some instances, I would want to be able to do the same for email/webset configuration, while in other cases it might be beneficial to permit users to enter their own details. (Eg, a monitoring system you might want to let someone enter their own email alert address, or to set the SMTP server etc)
 
It needs to be irreversable without destruction of the running configuration though. So a "factory reset" could clear the bit - along with all the running code, but once SET you could never retrieve the code.

 

[CAI_Support]

In WC32 boards, we can implement another login, so that you can set you own login to decide which page to show to the end user. For WC8 board, it is hard to do that, since the RAM requirement.  We have to think hard for some clever way to do it without using much RAM.

 

[Tschmidt]

The ability to have multiple access classes would be a nice feature. The feature that comes to mind is one with full read/write access and another that is read only to allow viewing status or  fetching status without the need to log in at all.
 
The other thing is to obscure passwords, currently webControl exposes email password.

 

[CAI_Support]

We are planning to add multiple access for WC32, so that end user can login to change IP address, but developer can control another level of login. Also provide developers the ability to tailor the GUI looking.  However, on WC8 boards, it does not have RAM for us to work on that.  We will think hard how to provide some kind of copy protection for developers.

 

[az1324]

I'm sure it can be added to WC8, you know where to find a developer who can do it.

 

[rossw]

However, on WC8 boards, it does not have RAM for us to work on that.  We will think hard how to provide some kind of copy protection for developers.

 
I am NOT in favor of simply using a second access password.
The reason is that given time, even strong passwords can be brute-forced.
My initial suggestion of a "Protect" flag, which needs only to be ONE BIT, is used to PREVENT READING OUT OF THE CODE.
To make it simple, the option could be a "set only" that requires a factory reset to clear (and thus wipes the program).
If you choose to make it a resettable bit, then when it gets reset, the program needs to be wiped.
This does not render the board useless, because someone can still reset it to defaults, but it will go a long way towards protecting our IP

 

[az1324]

That is true.  How about a "protect" flag on the PLC code page which just tells the board not to send the code back to the browser.  The flag would only be settable when the PLC code is being erased & replaced.  Very simple to do.  Every time a new PLC program is saved it would just be checked or unchecked.  Actually it could just be by having the first line of the PLC code read PROTECT.  Seems elegant.
 
To go further you could actually make it so that a section of the PLC code was protected and another section was not.  PROTECT ....  PROTECTEND  Then the protected section would read back as "PROTECTED" with a hash and length of the protected section but the other section would read back normally.  The user could then modify the unprotected sections without affecting the protected section.  As long as the hash matched the stored hash the protected section would be preserved in memory.  This would give you the ability to do things like allow the user to change schedule times or other variables that affect the logic of the program.  Slightly more involved, but not that hard.

 

[CAI_Support]

That is true.  How about a "protect" flag on the PLC code page which just tells the board not to send the code back to the browser.  The flag would only be settable when the PLC code is being erased & replaced.  Very simple to do.  Every time a new PLC program is saved it would just be checked or unchecked.  Actually it could just be by having the first line of the PLC code read PROTECT.  Seems elegant.
 
To go further you could actually make it so that a section of the PLC code was protected and another section was not.  PROTECT ....  PROTECTEND  Then the protected section would read back as "PROTECTED" with a hash and length of the protected section but the other section would read back normally.  The user could then modify the unprotected sections without affecting the protected section.  As long as the hash matched the stored hash the protected section would be preserved in memory.  This would give you the ability to do things like allow the user to change schedule times or other variables that affect the logic of the program.  Slightly more involved, but not that hard.

If PLC code is partially protected, developer may end up spending a lot of time to figure out why the code no longer working, simply because someone tweaked a bit somewhere. 
 
To make it simple, we could add a flag in the general tab a checkbox for PLC protection.  So that it does not show PLC code if the protection box is checked, What the sequence to cause PLC code being wiped out is something need to be clearly defined.

 

[az1324]

I think it is better to use PROTECT in the PLC code box.  That way the flag is already linked to saving PLC code, no UI changes are required, and it is logical.  Then you have the first byte of PLC code as the protect flag and you treat it as a NOP but you also use it for checking if you can send code back to the browser.
 
Of course it would be up to the developer to decide if there are any variables they can safely expose to the user in the unprotected section.  But that should be their choice.

 

[CAI_Support]

az1324, that is a great idea, just have PROTECT in PLC code, Any code paste in the window with PROTECT keyword will not displayed back.  Inside firmware, WebControl treat PROTECT like NOP. on GUI, once the code sending back with PROTECT it will not display.

 

[az1324]

It should also display to the user "Protected Code" and should prompt when the user tries to save a new PLC code with "You a are about to overwrite protected code stored in memory.  This will change the way your board functions.  Press OK to continue."

 

[CAI_Support]

Those can all be done in the GUI java code.  This warning message will also show to the developer, since both end user and developer PLC code has PROTECT inside.