You can configure your system so that WebX and Original WebX clients can access the ClearSCADA database via non-secure HTTP connections (see Define the Ports Settings for Original WebX Clients). As HTTP connections are unsecure, potentially the communications could be intercepted and used for malicious purposes. For this reason, ClearSCADA has certain safeguards in place by default:
- If you have HTTP (unsecure) and HTTPS (secure) ports enabled, ClearSCADA will automatically use HTTPS for logging on and writing to the database (issuing controls, etc.). The HTTPS port is used even if the WebX or Original WebX user initially connected via a HTTP port. When HTTPS is available, ClearSCADA uses it in preference to HTTP to help protect your system from unauthorized access.
- If you have HTTP ports enabled, but HTTPS ports disabled, ClearSCADA will only allow users to browse by default. They will not be able to log on or issue controls.
However, in certain specific circumstances (such as testing a system), there may be a need for an engineer to log on and issue controls via an unsecure connection. To facilitate this, the Server Configuration Tool’s WebX settings include an Allow Logon and Database Writes Over Non-Secure HTTP check box.
When selected, this will allow engineers to log on and issue controls over a HTTP connection.
You should only select the Allow Logon and Database Writes Over Non-Secure HTTP check box if you are fully aware of the security risks and are prepared to accept the lowered level of security. We would not advise selecting the check box on a fully commissioned live system. Once the commissioning work using non-secure connections is complete, and before the system goes live, ensure that the check box is cleared so that log ons and write actions only take place over secure connections.
POTENTIAL SECURITY BREACH