Protecting Ignition Screens From Theft

I don't want all our hard work stolen. I'm very proud of the 8 years of continual development that has gone into our Ignition projects and tags and features and believe it's a huge part of what makes our small company better than others. We have customers that will have a copy of our gateway because we have remote sites where the project and gateway need to be local as well. It's tearing me up because I really really really really hate to just hand over all our stuff but since they will have admin on the local gateway the project is on, I can't see anyway of protecting our screens and templates and features from just being stolen. Some of the customers even have their own SCADA dev team which makes me want to hand it over even less. We do this for PLC's where it locks you out from seeing the code but I can't see anyway of doing this on an ignition gateway that they have Admin on. Please anything to not just hand over all this work literally for free is helpful. Thanks. The decision to give the customer anything other than admin on the local gateway is above my paygrade but locking them out from viewing, editing, or accessing the projects on the gateway is fine if that's possible.

1 Like

You can create and license a custom module.

you can also read up and get some ideas from a similar post:

Also, be careful as if you're an OEM and making common equipment, you are probably OK, but if these are custom projects for customers, part of your contract may require that they have full rights to the project to do with as they please once it's turned over. As @Noah_Casey said, you can make your own module that requires licensing for anything that you can put into the module, but normal project stuff, I don't know there's much you can do about it.

Plus if I were the end customer, I would require that I have full access to the project and PLC programming that you're turning over unless you are an OEM of some custom specialized equipment.

Edit: On another note, protecting code that is really only protected because "you put a lot of work into it" pisses off end customers. You'll get better job security and return customers if you turn it over and provide good support without requiring them to come to you for changes. When they feel locked in because you're the only one who can modify it for them, they're usually not happy about it.


To give another perspective from the client side, I've been working as controls support for an end-user for some time, and there's nothing more frustrating than not being able to do anything about an issue because the program is locked down. If I can't even look at the logic of a system, I can't figure out why it's not doing what it's supposed to, let alone come up with a work-around until the issue can be properly fixed.

I'm personally glad to pay for a license that lets us view and modify our copy of whatever software to suit our needs.


You're giving them your project? If they're paying for it, how is that free?


As a customer, I hate this. I understand it, but there is nothing more aggravating then having a piece of equipment down and not being able to even troubleshoot it because you can’t see the code.

If you must give them admin on the gateway, then there is pretty much nothing you can do. Even a module only obfuscates the code from a significantly motivated individual.

The way you protect yourself is by including language in your contract with your customers that prohibits them from distributing your IP to your competition. That is quite literally all you can do, short of developing a complete compiled SCADA solution, and even that isn’t full proof.


To add to this, I'm pretty sure you should be able to insure for the possible loss if a client does violate the contract and misuse your IP (you can get insurance for just about anything). Then you could offer a slightly more expensive "open-source" license to help defray the additional costs.

Relevant comic:


{ Probably should blur the vulgarity on a public topic. }


Any time I end up with (corporate purchasing....) any kind of password-protected or magic-black-box "thing" I start making plans how to replace it.


If you set things up to be specific to your UDTs that match your protected AOIs, the screens are probably not much use to other devs, unless they also have the AOI behind the UDT.

Of course, they could also take the time to create a AIO that uses the exact same tag names, or figure out how to refactor your UDTs to their AOIs or other tags. Either of those options seem pretty unlikely to happen.

1 Like