Secure Development / Protecting the Source Code
Secure development with the CODESYS Development System includes:
Protection of the project in combination with user management and permission management
Encryption of the project (source code)
Encryption of the boot application
If necessary, request the encryption of specific IEC application POUs of specific IEC application parts (
CmpX509Cert.library
)Project management in Git or SVN
You can also use symbol sets in the project to achieve more secure use of the code on the PLC.
Note the following regarding project protection:
You can provide the project with simple write protection to prevent unauthorized changes.
In order to protect only certain objects in a project against changes, or to allow access only to certain users, you can use a user and permission management.
However, such write and access protection is not enough as a means of protecting the know-how of the project POUs. Both CODESYS itself, Automation Platform plug-ins, and people with knowledge about the project file format can view or modify POUs created with CODESYS.
Encryption is recommended for know-how protection. Use at least a user-specific password, but preferably a certificate. Using the "CODESYS Security Key" (dongle) is no longer recommended.
The desired type of project encryption is enabled in the Project Settings.
You can achieve know-how protection of a library project by providing it as a target-system-independent "protected library" (
*.compiled-library
,*.compiled-library-v3
). The library file no longer contains source code in this format, but only encrypted precompile context. The compiler is still able to interpret this data. Whether access by other CODESYS components or additional plug-ins is possible depends on their functionality and is to be observed in individual cases. Signing can increase protection.