Gateway Password Reset

HALW80 · October 31, 2014, 5:02pm

Is there a way to disable the reset to the default admin username password for the GUI?

Kevin.Herron · October 31, 2014, 6:05pm

You’re talking about in the little GCU utility?

HALW80 · October 31, 2014, 7:24pm

Oops sorry Yes…GCU.

Kevin.Herron · October 31, 2014, 7:34pm

No, you can’t disable that.

The GCU only runs on the machine the gateway is installed on. If someone you don’t trust has physical access to the machine all bets are off; they could do far worse than reset the passwords.

HALW80 · October 31, 2014, 8:54pm

Mmm…Like deactivate a license/delete project etc

giulianacaula · August 6, 2018, 3:04pm

Hi !!

Any updates on this ?
Can we do something now in Ignition v7.9.x to protect our projects ??

Kevin.Herron · August 6, 2018, 3:18pm

Protect the machine running Ignition?

anadal · August 6, 2018, 3:35pm

Kevin, supposing that another integrator has access to that machine, how can we do then to protect our project?

Kevin.Herron · August 6, 2018, 3:53pm

This is not a use case we intend to support. Access to the machine is access to everything.

There’s always going to be a bail-out way to reset your password and admin access to the machine is going to allow it (among many, many other things).

PGriffith · August 6, 2018, 3:54pm

Use OS-level protections/user restrictions. There’s really nothing we even could do - if an untrusted individual has full access to a production server, they can do just about anything.

Esme_Lopez · April 12, 2022, 3:33pm

can we do something now to protect our projects ?

Kevin.Herron · April 12, 2022, 3:38pm

Nothing has changed since the last activity in this thread.

What’s your use case or threat model? Who are you trying to protect projects from and what does “protect” mean to you?

Esme_Lopez · April 12, 2022, 3:47pm

The same thing, that nobody can reset the password

pturmel · April 12, 2022, 3:50pm

In case you hadn’t noticed, Ignition stores this kind of stuff in the internal config database. Even if they take the functionality out of the gwcmd tool, anyone with a clue can directly edit the config database to change the security setup.

Access to the gateway is access to everything, one way or another. There is no magic wand.

Kevin.Herron · April 12, 2022, 4:01pm

Bingo. This will never change. Don't let untrusted users have access to the server running your Ignition Gateway.

PGriffith · April 12, 2022, 4:54pm

Security through obscurity isn’t security.

If you don’t trust someone, don’t let them on the machine, full stop.

Esmeralda_Lopez · May 25, 2022, 4:59pm

how can I delete the gwcmd tool?

pturmel · May 25, 2022, 5:36pm

Use the OS’s file delete function. And any bad actor with access to the server can put it back. Even under a different name.

It is totally useless, from a security standpoint, to delete it.

You simply cannot stop someone with access to the server from manipulating the Ignition service installed there. Don’t give out access to the server to untrusted individuals.

andrews · May 25, 2022, 5:38pm

On a side note, it feels like people are trying to pretend to be proprietary OEM software. And force customers into a life long relationship.

But at some point,

you might be hired to takeover a project
someone might be hired to take over your project
you might be a part of a team for a project
a team might be created to work on project

At the end of the day, stopped being worried about other people. Just be worried about going and getting your money. If you do good, and the “customer” likes/trust you they will keep coming back to you.

Esmeralda_Lopez · May 25, 2022, 5:38pm

I want to delete it, but also I found the identify provider, do you think can help?