Creating a .csipasswd file

The data logger employs a security code scheme that includes three levels of security (seeData logger securityfor more information). This scheme can be used to limit access to a data logger that is publicly available. However, the security codes are visible inClosedDevice Configuration UtilitySoftware tool used to set up data loggers and peripherals, and to configure PakBus settings before those devices are deployed in the field and/or added to networks.. In addition, the range of codes is relatively small. To provide a more robust means of security, basic access authentication was implemented with the HTTP API interface in the form of an encrypted password file named.csipasswd. See theCRBasic Editorhelp for information about the data logger web server and API commands: https://help.campbellsci.com/crbasic/cr1000x/#Info/webserverapicommands1.htm.

NOTE:

以太网/ USB (RN)DIS) is considered a direct communications connection. Therefore, it is a trusted connection andAdministratorprivileges are automatically granted for all functionality (csipasswd does not apply).

When a file named.csipasswdis stored on the data logger CPU drive, basic access authentication is enabled in the data logger and read/write access to the web interface can be defined. Multiple user accounts with differing levels of access can be defined for one data logger. Four levels of access are available:

  • None: Disable a user account.

  • Read Only: Data collection is unrestricted. Clock and writable variables cannot be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • Read/Write: Data collection is unrestricted. Clock and writable variables can be changed. Programs cannot be viewed, stopped, deleted, or retrieved.

  • All (Administrator): Data collection is unrestricted. Clock, writable variables and settings can be changed. Programs can be viewed, stopped, deleted, and retrieved. Hidden tables can be viewed. Files, including programs can be sent to the data logger.

NOTE:

All levels of access allow data collection.

Create an encrypted password file or modify an existing password file usingDevice Configuration Utility:

  1. Connect to your device inClosedDevice Configuration UtilitySoftware tool used to set up data loggers and peripherals, and to configure PakBus settings before those devices are deployed in the field and/or added to networks..

  2. 单击Network Servicestab, then theEdit .csipasswd Filebutton.

  3. Define user accounts and access levels.

  4. ClickApply. The.csipasswdfile is automatically saved to the data logger CPU drive.

When a.csipasswdfile is used, the PakBus/TCP Password security setting is not used when accessing the data logger via HTTP. If the.csipasswdfile is blank or does not exist, the default user name is "anonymous" with no password and a user level of read only.

When access to the data logger web interface is attempted without the appropriate security level, the data logger will prompt for a username and password. If an invalid username or password is entered, the data logger will default to the level of access assigned to “anonymous”. As noted previously, anonymous is assigned a user level of read-only, though this can be changed usingDevice Configuration Utility.

If the numeric security code has been enabled, and no.csipasswdfile is on the data logger, then that numeric security code must be entered to access the data logger. If a.csipasswdfile is on the data logger, the username and password employed by the basic access authentication will eliminate the need for entering the numeric security code.