Open topic with navigation

You are here: System Administration > Security > Recommended Security Settings > Disable the Allow Logon and Database Writes over HTTP Setting

Disable the Allow Logon and Database Writes over HTTP Setting

The Server Configuration Tool has an Allow Logon and Database Writes over Non-Secure HTTP setting that is disabled (clear) by default. This is the recommended setting, as it means WebX users cannot log on or perform controls over a non-secure connection.

We recommend that you only enable the Allow Logon and Database Writes over Non-Secure HTTP setting if specifically requested to do so by Schneider Electric. When this setting is enabled, it means sensitive information such as user names and passwords are sent via unencrypted connections. These transmissions could be intercepted and the information could then be used to gain unauthorized access to your system.

NOTICE

POTENTIAL SECURITY THREAT

Do not select the Allow Logon and Database Writes Over Non-Secure HTTP check box unless specifically instructed to do so by Schneider Electric. The Allow Logon and Database Writes Over Non-Secure HTTP check box should be clear so that log ons and write actions to the database only take place over secure connections.
Failure to follow these instructions can result in equipment damage.

Further Information

Define the Access Settings for Non-Secure Original WebX Connections.

Disclaimer
© 2015 Schneider Electric.  All Rights Reserved.
ClearSCADA 2015 R2