How To: Protect the development and source code
For secure development with the CODESYS Development System, various functions are available for protection of the project, the source code, and the application.
User management and permissions
Encryption of the project
Encryption of the boot application
Encryption of specific IEC application POUs (via the CmpX509Cert.library library)
Project management in Git™ or SVN™
Symbol sets for the controlled deployment of variables for the PLC
Note
Write and access protection does not provide sufficient know-how protection.
Individual project and program POUs can be viewed and modified by people with knowledge of the file format. This is also possible using the CODESYS Development System or the CODESYS Automation platform.
You can provide the project with simple write protection to prevent unauthorized changes.
To protect only certain objects in a project against changes, or to allow access only to certain users, you can use user and permission management.
Know-how protection by means of encryption
Encryption is recommended for effective protection of project POUs.
To do this, use the following:
At least a user-specific password
Better than that, a certificate
The desired type of project encryption is enabled in the Project Settings.
Note
Using the "CODESYS Security Key" (dongle) is no longer recommended.
Protection of library projects
For libraries, effective know-how protection can be achieved by providing the library as a protected library independent of a specific target system.
*.compiled-library
*.compiled-library-v3
The library file no longer contains source code in this format, but only encrypted precompile context. The compiler is still able to interpret this data.
Whether access by other CODESYS components or additional plug-ins is possible depends on their functionality and must be verified in individual cases.
Signing can also increase protection.
Simplified Integrity Check
A CODESYS project is saved in a proprietary format. Its integrity is checked by default each time the project is loaded or opened.
For better protection of the application source code, however, you should use the available encryption options.
Connecting a project to version control
A version control system allows for additional data backup and secure exchange with other developers. Security is provided by encrypted communication between the server of the version control system and the "client" CODESYS Development System.
Version control in CODESYS Git
For information about securely using CODESYS Git for version control, see the following: How To: Protect a Git link
Management in CODESYS SVN
For information about setting up an encrypted connection to the SVN server, see the following: Securing a server/client connection by authentication and certificate