Skip navigation.
Home
The QNX Community Portal

View topic - How to add authentication to Target File System Navigator?

How to add authentication to Target File System Navigator?

anything that doesn't fit to other groups.

How to add authentication to Target File System Navigator?

Postby midlevel » Thu Oct 27, 2016 7:54 am

In Target File System Navigator of QNX Momentics, you can connect to an embedded device using its ip address and see the contents. How can one add some kind of authentication to this window to protect files?
midlevel
New Member
 
Posts: 5
Joined: Mon Sep 26, 2016 8:57 am

Re: How to add authentication to Target File System Navigato

Postby Tim » Thu Oct 27, 2016 1:39 pm

I don't believe it's possible. That's because connecting to a target with momentics is meant for debugging which doesn't make sense to protect files.

If you are talking about someone hacking into a production device, the answer is much simpler. Don't run qconn. If qconn is not running then momentics can't connect. It's probably best to not even include qconn on your target.

Tim
Tim
Senior Member
 
Posts: 1390
Joined: Wed Mar 10, 2004 12:28 am

Re: How to add authentication to Target File System Navigato

Postby midlevel » Thu Oct 27, 2016 5:36 pm

Tim wrote:If you are talking about someone hacking into a production device, the answer is much simpler. Don't run qconn. If qconn is not running then momentics can't connect. It's probably best to not even include qconn on your target.

Tim


I guess you are right. But what about the time when devices run into problems after product delivery and you want to find out what's wrong in customer's site. I think there should be a way for authorized person to connect to them and see what's happening inside.
midlevel
New Member
 
Posts: 5
Joined: Mon Sep 26, 2016 8:57 am

Re: How to add authentication to Target File System Navigato

Postby Tim » Thu Oct 27, 2016 7:43 pm

There are a couple of ways you can have authorized person's connect at customer sites.

1) Your devices could have ftp/telnet enabled. Then your authorized person's could ftp a copy of qconn to the device and then telnet in, add the execute bit to qconn and then connect.
2) You could ship your device with qconn on it (located someplace only your software knows about and possibly even renamed to something else besides qconn) and then some admin keystroke / password combination could have your software launch qconn.

#1 If you setup ftp/telnet to only access a RAM drive then qconn can only be run from ram and thus is gone the next time the device restarts. The downside is you'd have to trust they didn't show the customers the ftp/telnet passwords.

#2 This assumes your device is at least functional enough to take the admin command to launch qconn. The downside is you'd have to trust they didn't show the customers the admin command because once this is known it can be used forever.

Tim
Tim
Senior Member
 
Posts: 1390
Joined: Wed Mar 10, 2004 12:28 am

Re: How to add authentication to Target File System Navigato

Postby midlevel » Sat Oct 29, 2016 12:52 pm

Tim wrote:There are a couple of ways you can have authorized person's connect at customer sites.
Tim


Thank you!
midlevel
New Member
 
Posts: 5
Joined: Mon Sep 26, 2016 8:57 am


Return to General Programming

Who is online

Users browsing this forum: No registered users and 4 guests