Hi support team,
we plan to implement user authorization on top of user authentication. In the local machine network we want to avoid message security because of the expected performance and administration overhead (there will be an additional fully secured endpoint for the customer network if required). However, we still need an authenticated user for authorization.
Will the provided username and password information be transferred over the network in plain text in this case? Or is there some level of password security independent of the message security mode?
Best regards
Kurt De Marco
User name and password authentication without message security.
Moderator: uasdkcpp
Re: User name and password authentication without message security.
Hello Kurt,
OPC UA allows user token encryption independent of the message security. Even for security policy NONE it is possible to encrypt the password. The behaviour is defined by the server through the user token policy in the EndpointDescription. The C++ SDK server does request this setting for all endpoints with user name activated.
You can use Wireshark to check if the password is encrypted.
Best Regards,
Unified Automation Support Team
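The rule described in the answer above, as an added example that is not part of the original thread and does not use the SDK's API: a small audit that classifies how the password of a UserName token would travel for each endpoint a server advertises. The two dataclasses are hypothetical stand-ins for the EndpointDescription and user token policy fields, the sample endpoints are constructed, and the fallback (an empty token policy URI inherits the endpoint's security policy) is taken from the OPC UA specification rather than from this thread.

```python
from dataclasses import dataclass, field

NONE_URI = "http://opcfoundation.org/UA/SecurityPolicy#None"
B256_URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"

@dataclass
class UserTokenPolicy:            # hypothetical stand-in for the OPC UA structure
    policy_id: str
    token_type: str               # "Anonymous", "UserName", ...
    security_policy_uri: str = "" # empty: inherit the endpoint's policy

@dataclass
class EndpointDescription:        # hypothetical stand-in, only the fields needed
    endpoint_url: str
    security_mode: str            # "None", "Sign" or "SignAndEncrypt"
    security_policy_uri: str
    user_identity_tokens: list = field(default_factory=list)

def password_protection(ep, tok):
    """Classify how a UserName token's password travels on this endpoint."""
    effective = tok.security_policy_uri or ep.security_policy_uri
    if effective != NONE_URI:
        return "token-encrypted"      # encrypted independently of the channel
    if ep.security_mode == "SignAndEncrypt":
        return "channel-only"         # readable inside an encrypted channel
    return "plaintext"                # visible in a capture

def audit(endpoints):
    """Return (endpoint_url, policy_id, status) for every UserName token policy."""
    return [(ep.endpoint_url, tok.policy_id, password_protection(ep, tok))
            for ep in endpoints
            for tok in ep.user_identity_tokens
            if tok.token_type == "UserName"]

# Constructed sample data (not taken from a real server).
SAMPLE = [
    EndpointDescription("opc.tcp://server.example:4840", "None", NONE_URI, [
        UserTokenPolicy("anon", "Anonymous"),
        UserTokenPolicy("user_enc", "UserName", B256_URI),
        UserTokenPolicy("user_inherit", "UserName"),
    ]),
    EndpointDescription("opc.tcp://server.example:4841", "SignAndEncrypt", B256_URI, [
        UserTokenPolicy("user_none", "UserName", NONE_URI),
    ]),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

A token policy reported as `plaintext` is the case where the Wireshark check mentioned above would show the password in the capture.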