View topic - How to add authentication to Target File System Navigator?

Page 1 of 1

How to add authentication to Target File System Navigator?

PostPosted: Thu Oct 27, 2016 7:54 am
by midlevel
In Target File System Navigator of QNX Momentics, you can connect to an embedded device using its ip address and see the contents. How can one add some kind of authentication to this window to protect files?

Re: How to add authentication to Target File System Navigato

PostPosted: Thu Oct 27, 2016 1:39 pm
by Tim
I don't believe it's possible. That's because connecting to a target with momentics is meant for debugging which doesn't make sense to protect files.

If you are talking about someone hacking into a production device, the answer is much simpler. Don't run qconn. If qconn is not running then momentics can't connect. It's probably best to not even include qconn on your target.

Tim

Re: How to add authentication to Target File System Navigato

PostPosted: Thu Oct 27, 2016 5:36 pm
by midlevel
Tim wrote:If you are talking about someone hacking into a production device, the answer is much simpler. Don't run qconn. If qconn is not running then momentics can't connect. It's probably best to not even include qconn on your target.

Tim


I guess you are right. But what about the time when devices run into problems after product delivery and you want to find out what's wrong in customer's site. I think there should be a way for authorized person to connect to them and see what's happening inside.

Re: How to add authentication to Target File System Navigato

PostPosted: Thu Oct 27, 2016 7:43 pm
by Tim
There are a couple of ways you can have authorized person's connect at customer sites.

1) Your devices could have ftp/telnet enabled. Then your authorized person's could ftp a copy of qconn to the device and then telnet in, add the execute bit to qconn and then connect.
2) You could ship your device with qconn on it (located someplace only your software knows about and possibly even renamed to something else besides qconn) and then some admin keystroke / password combination could have your software launch qconn.

#1 If you setup ftp/telnet to only access a RAM drive then qconn can only be run from ram and thus is gone the next time the device restarts. The downside is you'd have to trust they didn't show the customers the ftp/telnet passwords.

#2 This assumes your device is at least functional enough to take the admin command to launch qconn. The downside is you'd have to trust they didn't show the customers the admin command because once this is known it can be used forever.

Tim

Re: How to add authentication to Target File System Navigato

PostPosted: Sat Oct 29, 2016 12:52 pm
by midlevel
Tim wrote:There are a couple of ways you can have authorized person's connect at customer sites.
Tim


Thank you!