07-26-2010 03:21 PM
Question...Is there any way to secure Remote Panels?
I've got a client with an application I wrote that he makes available to 'his' customes via Remote Panels. He's concerned that some unauthorized person can 'tap into' the RP feed and be able to view (and possibly control) his VI.
While this app was written using LV 8.5.1, I know that LV 2009 (and I guess 2010) have some kind of encryption built in. Is there any way to use this to encrypt the Remote Panel image/data?
Also, does anyone know how 'strong' the NI encryption is? Apparently 64 bit is the strongest that can be legally exported 😞
07-27-2010 10:42 PM
There's a knowledgebase that you will want to read. It lays out how to implement security in the LabVIEW server that deals with the Remote Panels. You can find the information at this link:
http://digital.ni.com/public.nsf/allkb/8D8A18E0348920A48625703B00789A41?OpenDocument
I hope that helps!
07-28-2010 07:36 AM
While it's not encrypting the data, this may satisfy my customer...I'll check it out with him. I know that he's already got a user/password to get to a web page that has a link to the Remote Panel, so this may end up being redundant in that respect.
Thanks.
07-28-2010 07:45 AM
Security is a relative thing.
Back in the day when I consulted with banks on security systems I learned that the amount of money that went into protecting vault depended on how much money was in the vault. THe idea was to make it more expensive to break in.
Same idea applies to computer security.
The LV Web interface effectively sepeartes the front panel from the block diagram and provides the linkages between them.
To attack that communication the atttacker must be familiar with that interaction AND be willing to do the attacking.
Aside from one of my mentors, I know of nobody outside NI that can attack that interface and judging by his posts, he is too busy to get involved.
So if the data in the app being served is really worth so much that the cometition would invest in doing the hacking, then the concern is valid. But if the served app's info is not that valuable, then relax and let the competition waste their money.
Ben