Storage of Security Data and Configuration
Security-related information is stored in two separate files, each having a specific function. Details for each file follow the list.
- Settings.Dynamic (formerly SecurityManager.ini)
Stores security-related administrative settings for the application.
- Accounts.Dynamic
Stores user account information (i.e. username, password, and privileges).
Settings.Dynamic
Changes to this file will not take effect until they are imported into an application using the Import File Edits feature of the Application Configuration dialog. In a secured application this action can only be performed by a user with configuration and file modification rights. Unauthorized users cannot change security settings by tampering with application properties.
Application properties related to security can be used to configure:
- The default automatic sign out time period. This is the amount of idle time after which the signed-in user will be automatically logged off by the system. Each user may be given their own automatic sign out time.
- The minimum length for user passwords.
- Suppressed privileges (see: Suppression of System Privileges).
Accounts.Dynamic
The Accounts.Dynamic data file is used by the Security Manager to store user account data. This file is automatically generated by VTScada when you create your application.
Password hashing uses a salted, key-stretched, SHA2-512 algorithm. An AES-256 block cipher is used to encrypt account data. In addition, every user account has its own generated key. The only means of adding, copying, modifying, and deleting user accounts and their related passwords and privileges is by using the security dialogs provided by VTScada. Information taken from one application's Accounts.Dynamic file will not be valid in another.
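The properties described above (a per-account salt, key stretching over SHA2-512, and records that do not verify in a different application) can be illustrated with the following added example, which is not VTScada code. It assumes PBKDF2-HMAC-SHA512 as the stretching function, an assumed iteration count, and a hypothetical application identifier mixed into the salt; VTScada's actual construction and file format are not described on this page.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumed work factor, not a documented VTScada value
SALT_LEN = 16         # assumed salt length in bytes


def _stretch(password: str, salt: bytes, app_id: str, iterations: int) -> bytes:
    # Hypothetical application binding: the application identifier is mixed
    # into the salt, so the same stored record cannot verify elsewhere.
    bound_salt = hashlib.sha512(app_id.encode("utf-8") + b"\x00" + salt).digest()
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), bound_salt, iterations)


def create_record(password: str, app_id: str) -> dict:
    # A fresh random salt per account makes equal passwords hash differently.
    salt = os.urandom(SALT_LEN)
    digest = _stretch(password, salt, app_id, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict, app_id: str) -> bool:
    # Malformed or truncated records are rejected instead of raising.
    try:
        salt = bytes.fromhex(record["salt"])
        expected = bytes.fromhex(record["hash"])
        iterations = int(record["iterations"])
    except (KeyError, ValueError, TypeError):
        return False
    if iterations < 1 or not expected:
        return False
    candidate = _stretch(password, salt, app_id, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    alice = create_record("Example-Passw0rd", "PlantA")
    bob = create_record("Example-Passw0rd", "PlantA")
    print("same password, different hashes:", alice["hash"] != bob["hash"])
    print("verifies in original application:", verify("Example-Passw0rd", alice, "PlantA"))
    print("verifies in another application:", verify("Example-Passw0rd", alice, "PlantB"))
```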