Re: [foxboro] Foxboro I/A OPC - Security

• From: Corey R Clingo <corey.clingo@xxxxxxxx>
• To: foxboro@xxxxxxxxxxxxx
• Date: Mon, 22 May 2006 09:51:38 -0500

I share that opinion, but you run across the occasional person who will 
dampen your altruism.  And due to organizational issues, you can sometimes 
do little about it.
On the other hand, I have generally abandoned the notion of protecting 
things with graphic/DM/FV configuration, like disabling Select, detail 
display access, etc.  Although this is what Foxboro promotes (when the 
customer complains about the "open doors" you mention), I feel it is a 
flawed security model.  I prefer a system-wide security mechanism, 
enforced at the controller level, and the closest I can get to that is 
locking parameters in the configuration by looping them back to 
themselves.  This is also a pain, but wouldn't be so much if there were a 
shorthand for it (e.g., ":.1" for "COMPOUND.BLOCK.PARAMETER.1").

Corey





brad.s.wilson@xxxxxxxxxxxxxx 
Sent by: foxboro-bounce@xxxxxxxxxxxxx
05/22/2006 07:38 AM
Please respond to
foxboro@xxxxxxxxxxxxx


To
foxboro@xxxxxxxxxxxxx
cc

Subject
Re: [foxboro] Foxboro I/A OPC - Security






>> a savvy graphics builder can run any manner of script or program from
within DM or FV using DM commands <<

My opinion (for what it's worth) is that if someone has been granted
"inside" access to configurator-level functions, then he should be trusted
enough to NOT run commands unrelated to his function.  Now, confusing or
misleading commands that can be run by mistake are entirely different.  My
biggest headache has been closing the doors which Foxboro products leave
open as "standard", such as access to block detail from the alarm managers
and standard button bar.  Of course, system backups are the obvious
"repair" strategy.

Brad Wilson
Process Control Engineer
ExxonMobil Chemical Co
Edison Synthetics Plant
732-321-6115
732-321-6177 fax
Brad.S.Wilson@xxxxxxxxxxxxxx




 
 
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
 
foxboro mailing list:             http://www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
 

• References:
  • Re: [foxboro] Foxboro I/A OPC - Security
    • From: brad . s . wilson

Other related posts:

• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security
• » Re: [foxboro] Foxboro I/A OPC - Security

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription