Forgot the admin password, how to get it back?
-
I forgot the admin password. How do I get it back? Or how do I reset the password for the admin account?
-
Hi youland1900,
I suspect this is the thread you were looking for: https://forum.infiniteautomation.com/topic/2811/resetting-user-database-via-the-sql-console/6
TLDR you can use SQL to set your user's password to {NONE}admin to have the password set back to the default. Then you'll want to change your password through Mango, or it will be in plaintext in the database.
UPDATE users SET password='{NONE}admin' WHERE username='admin';
To get to the SQL console if you're using H2, you'll want to use the Mango/bin/h2-web-console script (.sh linux, .bat windows). You'll need SSH or direct access, and you'll have to stop Mango. https://help.infiniteautomation.com/about-the-h2-database/
Alternatively you could try moving your Mango/databases/mah2.h2.db file while Mango is off, then doing a database restore and changing your password after the restore finishes, but I think the former method is better.
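A check an administrator could run after a reset like the one described above, to find accounts whose password is still stored with the `{NONE}` prefix. This is an added example, not part of the original post or Mango's own code; it uses an in-memory SQLite table as a stand-in for the H2 `users` table, and the `{BCRYPT}` tag and the sample rows are constructed assumptions.

```python
import sqlite3

# Assumption: the stored value starts with an "{ALGORITHM}" tag, as the
# "{NONE}admin" value in the post suggests; "{NONE}" means plaintext.
PLAINTEXT_TAG = "{NONE}"
DEFAULT_PASSWORD = "admin"  # the default value the post resets to


def audit_users(conn):
    """Return (username, finding) for every account that needs attention."""
    findings = []
    rows = conn.execute("SELECT username, password FROM users ORDER BY username")
    for username, stored in rows.fetchall():
        if not stored or not stored.startswith(PLAINTEXT_TAG):
            continue  # empty or hashed value: no readable password in the row
        plaintext = stored[len(PLAINTEXT_TAG):]
        if plaintext == DEFAULT_PASSWORD:
            findings.append((username, "default password, stored in plaintext"))
        else:
            findings.append((username, "password stored in plaintext"))
    return findings


def build_sample_db():
    """Constructed stand-in for the users table (only the two columns used)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            # Constructed rows; the "{BCRYPT}" tag and hash body are placeholders.
            ("admin", "{NONE}admin"),
            ("operator", "{BCRYPT}$2a$10$placeholderplaceholderplaceholder"),
            ("viewer", "{NONE}changeme"),
        ],
    )
    return conn


if __name__ == "__main__":
    for user, finding in audit_users(build_sample_db()):
        print(f"{user}: {finding}")
```

An empty result means no account is left with a readable password in the database after the reset.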
-
I see, but now I worry about two things:
- If everyone can reset the password, then everyone can have admin authority?
- In this way, a customer or somebody else can get full access to my project, to modify, copy, distribute etc.
How do I protect my work? Is it that the old version is not allowed to reset the admin password?
-
@youland1900 Only admin users can access the SQL console. You should also ensure you use a password on your SQL database and firewall it from the web / local network or restrict disk access to it in the case of a H2 database.
-
^ This. As Jared says, you have to be logged in as an admin already to use the SQL console through Mango.
Users with file system access and r/w privileges to the installation directory can indeed change passwords - or for that matter demolish the installation outright in a flurry of deletes. You shouldn't let non-trusted or malevolent users access the machine if you'd like them to be lower privilege users in Mango.
-
How about the Windows version? Installed on a computer, everybody can access and use this computer? Normally, when you make a project for your customer, you should give the whole software to the customer, so your customer can modify it or resell it or copy and distribute it as they want, and you lose control of it.
As for other kinds of SCADA systems, normally a password is set for a project, and resetting or decoding it is not allowed. The customer has the right to run the project; only the project designer has the authority to modify the project, say, a run version and a development version. That's the way to protect the project designer's work, sometimes related to payment things.
-
If you're running any software on a computer that others have access to login to or to the file system, you're already at a disadvantage if you're trying to minimise or control access.
Ultimately, if you have R/W access to files on the disk or the memory of the computer/server running any software, you can reset passwords, or use other methods to break in - like reading passwords out of active memory, stack tracing, or other available "debugging" methods.
A vendor can bake in some kind of 'protection' so you can lock a system down (like non-resettable admin passwords), but ultimately these are just a deterrent - with some effort, this kind of thing can often be overcome. As an example, Mitsubishi Alpha PLC passwords are easily discovered if you know what area of memory to read from their config tool when it 'tests' the password you enter. Ask me how I know ;p
The best approach to protect your work is to deploy as a 'black box' type system. You run on a MangoES, Separate physical server, or Virtual Machine, where you give your client only the minimum access required to use the system such as a less privileged user to login via web browser only to a dashboard. This also gives you the opportunity to sell them 'support' on either per-incident or subscription basis for the deployment.
Hope this helps!
Cheers!
-Shaun
-
Something may be caused by Java being more difficult to encode than C++. As far as I know, iFIX projects etc. have not been successfully decoded so far.
Many companies, especially manufacturing companies, do not let their equipment link to the outside internet for safety reasons, so you cannot build a server on your side that is under your control. You have to provide the whole software to run internally in the customer's factory.
-
Thanks for your thoughts Shaun!
I'm not sure what you mean youland1900. Our software is not fundamentally responsible for either securing network access or an operating system. If you don't have operating system access, you can't change (or even get a reminder email about) your Mango user's password. We enable you to host Mango over HTTPS and we have undergone a security audit before.
You can license a customer facility without ever connecting it to the internet. You would have to email us, receive and pay an invoice for the license, and then we could send you a file to license it. If you are willing to connect to the internet while licensing, then you can do it yourself through the store and never connect to the internet again without issue.
-
I'll also just add that passwords are salted and hashed using bcrypt so if by chance someone does get access to the SQL database they may be able to change the administrator password but they will not be able to recover the plaintext password.
-
Understand now, thanks.