ProSoft Technology MVI56-AFC User Manual
Page 157
MVI56-AFC ♦ ControlLogix Platform
Security (Passwords)
Liquid and Gas Flow Computer
User Manual
ProSoft Technology, Inc.
Page 157 of 316
February 25, 2011
10.1 Hard Password
The hard password feature offers further protection against unauthorized access
to the module.
If the Hard Password option is cleared, these registers can be read either from
an external Modbus device, from the processor or using the Modbus Master
interface in the AFC Manager. This operation mode is called "Soft Password"
mode. It is then the responsibility of a compatible application (such as AFC
Manager) to verify the password given by the operator against those fetched
from the module in order to determine the access granted.
If the Hard Password option is selected, a read of a password register will return
zero regardless of the password’s actual value. In this case, read or write access
is obtained by writing a candidate password to the Password Test register
(register 18), the module itself verifies the password, and the access granted is
determined by reading back that same register 18 (called the Accessed Port and
Authorization register when read) and examining its contents. The access is
granted to the port over which the request was made; other ports remain
unaffected. If the port remains idle with no Modbus activity for two minutes, then
the granted access is removed and can be regained only by writing a new
password to the test register. For highest security, you can explicitly revoke your
own password-obtained authorization before it times out by writing zero to the
Password Test register.
Access granted by password, whether Soft or Hard, is to the module as a whole,
including the password registers themselves. That is, in order to change a stored
Hard password you must first obtain write access to the module by giving the
correct Write-Enable password. However, some registers are exempt from
authorization. There are a very few registers that are exempt from write
authorization and are always writable; the Password Test register 18 is one such
for the obvious reason. Similarly, some registers are exempt from read
authorization and are always readable; they include most of the first 20 holding
registers, including the Firmware Product and Group codes in registers 0 and 1
(so an application like AFC Manager can learn whether it is talking to an AFC
without being trapped in a catch-22), the Site Status in register 6 (so the
application can learn whether the password mode is Soft or Hard and verify the
operator’s password entry using the proper method), and the Accessed Port and
Authorization register 18 (so the application can learn whether access was
granted in Hard-password mode even if the wrong read password was entered).