cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

Remote CADWorker Communication Via HTTPS

Remote CADWorker Communication Via HTTPS

When installing CADWorkers at a RFS remote location the generated representations are FTP'd back to the master Windchill site using FTPS (explicit).  This requires firewall ports to be opened between the remote RFS site and the master. 

This request is for a product enhancement to change the communication method for CADWorkers from FTPS to HTTP/HTTPS so that the CADWorker call to store the generated representations acts like a standard client.

3 Comments
PTCModerator
Emeritus
Status changed to: Acknowledged
 
tmeneguzzo
3-Visitor

Very important for security reasons. File transfer without encryption is an old technlology.

mschulze
13-Aquamarine

great idea. But additionally it should be addressed, that the communication between Windchill and the worker agent can also be secured.

As far as I know, this communication is also not encrypted. Even if there are some restrictions on the Windchill side, like server white lists wt.auth.trustedHosts and  worker.exe.whitelist.prefixes, I do not see that the access to the cad worker is secured and prevents sending data to the worker agent (any client can send data to the worker? If the firewall does not restrict the access to data from the Windchill Server ).

I think there should be also some kind of auth.trustedHosts setting for the worker daemon besides encrypted communication.

e.g. I assume, that the cadworker user and its password is passed from the windchill server to the worker daemon so, that the worker can download the data. That way a man in the middle can read the password in an unsecured communication. With that username an password you get read at least access to more or less all data in Windchill! Unfortunately, I have not yet been able to test this. I hope that I am wrong.