07/31/2023
Hello everyone!!!
I have a proposition on how to add script code for OPC UA Methods created by OPC UA Clients.
Please look at my publication:
https://www.linkedin.com/posts…..er_desktop
I would like to hear opinions on the feasibility and ways of introducing this feature.
With best regards,
Alexander.
05/30/2017
This kind of feature can only be implemented by servers that are built with an SDK that can support it.
Many cannot.
This feature is also a huge security risk because servers would execute code that may be supplied by a malicious client.
It is not clear what problem this feature would solve.
07/31/2023
Thank you, Randy!
The idea is that you can take control of the interpretation of the script and limit dangerous operations, for example, prohibit writing and allow only reading, allow the allocation of only a certain amount of resources, limit execution time, etc., while returning the failure reason code to the client.
05/30/2017
Hackers are very good at finding ways to exploit zero days in scripting engines. It is not just about resource consumption, the risk comes from information leaks or privilege elevation.
It is not possible to prove that such a feature would be safe which means many servers would refuse to support it even if they had the capability. There would need to be a very strong business case to overcome this concern.
Can you articulate what problems this would solve and why the problems cannot be solved in another way or can be solved more cheaply with this solution? “Wouldn’t this be cool” is not a business case.
07/31/2023
Hi, Randy!!
I was studying open62541 (and QUAServer too) and it is possible to create methods by UA_node management..
And I had a question: is it possible to implement and ensure code security in methods? This is where the idea of an interpreter came up, although I tried several ways to do it (shellcode, dynamic translation, loadable libraries). It seemed to me that if we control interpretation, we can control everything…
I decided to ask if the developers of the standard think about this?
Maybe you would advise us to consider some kind of SDK that supports this possibility?
05/30/2017
As I said: what is the business case?
i.e. what problem does this feature solve that cannot be solved in a way that is less exposed to security problems?
It is simply not possible to guarantee safety of a scripting engine because coding errors can create vulnerabilities.
The only safe option is to never execute code provided from a source that is not trusted.
07/31/2023
Thank you, Randy!!
The business case can be different, for example, there was a need to change the algorithm or formula for calculating a certain value using the method from variables in the server, but you would not want to stop the server…
By the way, I have two thoughts
1. Perhaps the misunderstanding arises due to the meaning that is attached to the concept. I don’t mean a bash-type interpreter, which runs any programs, etc. We are talking about a script interpreter that is specially developed, and we can add the commands we need to it, for example, only read variables, if this is enough for us. When implementing potentially dangerous commands, we can install the necessary checks and limit the area of influence to ensure safety…
2. If it is possible for a client to add objects to the server, then what prevents him from adding them in too large a quantity so that the server crashes…?
Merry Christmas, Randy!!
05/30/2017
there was a need to change the algorithm or formula for calculating a certain value using the method from variables in the server, but you would not want to stop the server
You could do this today with a ChangeFormula Method or by allowing writes to the Definition property.
For this use case, I could see developing a formal syntax for the Definition
https://reference.opcfoundatio…..docs/5.3.1
We could use MathML: https://en.wikipedia.org/wiki/MathML
or OpenMath: https://openmath.org/technical/
to define the formula where the variables are NodeIds using string syntax in Part 6:
https://reference.opcfoundatio…..ocs/5.1.12
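As an added illustration of the formula approach in the last reply (not code from any poster, the OPC Foundation or an SDK): a fixed-grammar evaluator rather than a script engine, accepting only numbers, + - * /, parentheses and NodeId operands in the Part 6 string syntax, and reading only allowlisted nodes. The braces around NodeIds, the limits, the sample values and the function names are assumptions of this sketch.

```python
import operator
import re
# Assumptions of this sketch: the limits, {NodeId} operand braces, i=/s= NodeIds only.
MAX_LEN, MAX_DEPTH = 256, 16
TOKEN = re.compile(r"\s*(?:(\d+(?:\.\d+)?)|\{([^{}]*)\}|([-+*/()]))")
NODE_ID = re.compile(r"(?:ns=\d+;)?(?:i=\d+|s=[^;{}]+)")  # Part 6 string form
LEVELS = ({"+": operator.add, "-": operator.sub}, {"*": operator.mul, "/": operator.truediv})
SAMPLE = {"ns=2;s=Tank.Level": 4.0, "ns=2;i=1001": 2.5}  # constructed values

class FormulaError(Exception):
    """Rejected formula; the message is the reason reported to the client."""

def evaluate(formula, read_value, readable):
    """Evaluate + - * / over numbers and {NodeId} operands; it can only read."""
    if len(formula) > MAX_LEN or TOKEN.sub("", formula).strip():
        raise FormulaError("formula too long or contains unsupported input")
    tokens = [m.groups() for m in TOKEN.finditer(formula)] + [(None, None, "end")]
    def operand(depth):
        if depth > MAX_DEPTH:
            raise FormulaError("nesting too deep")
        num, node, op = tokens.pop(0)
        if num is not None:
            return float(num)
        if node is not None:
            if not NODE_ID.fullmatch(node) or node not in readable:
                raise FormulaError(f"node not readable: {node}")
            return float(read_value(node))
        if op == "-":
            return -operand(depth + 1)
        if op == "(":
            value = binary(depth + 1, 0)
            if tokens[0][2] == ")":
                tokens.pop(0)
                return value
        raise FormulaError("syntax error")
    def binary(depth, level):
        inner = (lambda: binary(depth, 1)) if level == 0 else (lambda: operand(depth))
        value = inner()
        while tokens[0][2] in LEVELS[level]:
            op = LEVELS[level][tokens.pop(0)[2]]
            rhs = inner()
            if op is operator.truediv and rhs == 0:
                raise FormulaError("division by zero")
            value = op(value, rhs)
        return value
    result = binary(0, 0)
    if tokens[0][2] != "end":
        raise FormulaError("trailing input")
    return result
```

The grammar has no names, calls, assignments or loops, so anything outside arithmetic over allowlisted reads is rejected before evaluation starts.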