I understand what your saying, We are trying to give clients access to production data etc and having them access a page within in ignition that shows a dashboard based on their project. The page they get directed to is controlled by their login and from that page there is no way to navigate anywhere else.
Your knowledge of ignition is far far greater then mine so you know all the workarounds etc, the people we are giving access to will have the same knowledge as me. If letting people outside the company access a page or view then maybe I could create a separate project for them, or will they still be able to work around that also?
Is any system safe when giving external people access to systems? We have no PLC’s or any automated equipment connected to ignition. Its being used almost like a MES. If everything is bypassable whats the point in user log ins and authorization on buttons etc, anyone within the company could gain access to data beyond their authorization?
We could give our a clients a ipad for example with the app on, that’s keeps them away from the browser side to it. Or we could design a webpage that pulls the information from the database. Our clients are are all big oil and gas companies/contractors and access is given to higher management in those companies, hopefully no one that will want to start ‘bypassing’ our security. I’m also looking into tying in a MAC address or IP address into the login to stop anyone giving their log in details to someone else but then if they know the URL and can get to the log in page it can all be bypassed anyway ? We could also create a report on a drop box link and just update on a time base if its decided the risk is too high to let them have access to the project.