Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Hull and Outfitting

TABLE OF CONTENTS

Access Password and Database Protection

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 13, 2025
  • 2 minute read

Database protection allows a database to be designated as 'protected', refer to User Guide Administration / Creating the Main Admin Elements / Databases / Creating Databases, meaning that users are prevented from using any export mechanism to copy model data.

The basic method used to protect data is to not allow access to certain key attributes from the command line or PML scripts (or any other API). However, through a constrained opening mechanism, key attribute access in customer PML applications can be allowed. That is, customer PML applications are granted access to key attributes from encrypted PML protected with an access password.

The protected access password is a password set by the project administrator and stored in the protected database. The password specified in the encrypted PML must match this database password. This would allow encrypted PML applications with a given password to access and use the protected attributes in databases that match that password, but in other situations (password does not match, or unencrypted PML, C#) access would continue to be denied.

The onus is placed on the writer of the PML to use attribute values in calculations without displaying or exporting the attribute value. The PML could of course output the value of a protected attribute (and thus circumvent the security), so rigorous code review procedures should be used to ensure developers have not unintentionally exposed data considered to have protection.

PML applications may be run against different projects (different set of databases) that need to be protected differently. This could be done by having multiple sets of encrypted PML, each set tied to one project (or to be more precise, to a set of protected databases that have the same password). If the same set of PML files requires access to different projects, protected differently, multiple passwords needs to be applied to the set of PML files via PML Publisher.

We recommend that passwords should be

  • Between eight and fifteen characters long

  • Use characters from the ranges a-zA-Z0-9

Other characters are possible, but if you choose to use others;

  • Do not use any of |'@$/* as these may have special meanings in command syntax

  • Space characters at the start and end of a password are ignored

  • If you use any non-ASCII characters (eg ö ñ etc) use the -passfile option to read the password(s) from a utf8 file with a Byte-order-Mark to avoid differences in encoding causing problems.

  • Do not use the -pass option with passwords including spaces or any other non-Alphanumeric ASCII characters

If you require more than one password you may use either of the following approaches;

  • Use multiple -pass options on the same command

  • Put the passwords in a text file - one on each line - and then use a -passfile command

Examples

pmlencrypt -pmllib input_pmllib output_pmllib -pass Fexc5kmFRfc -pass ll4f6DedrfggFr

pmlencrypt input_file.mac output_file.mac -passfile securelocation\passwordfile.txt

where passwordfile.txt contains

Fexc5kmFRfc

ll4f6DedrfggFr

TitleResults for “How to create a CRG?”Also Available in