Technical information
Chapter 2: AT+i Commands Reference
May 31, 2008 AT+i Commands Reference Manual 2-81
W24 uses the industry standard SHA1 algorithm to authenticate the remote user. With this scheme,
the password typed into the authentication form is never literally communicated back to
W24. Rather, a token computed with SHA1 is transferred. To achieve this, W24's web server sends,
together with the authentication form, a JavaScript that calculates the SHA1 token at the browser
end. W24 also issues a different random number, used as part of the encryption key, each time
authentication is required, to eliminate the possibility of impersonation based on eavesdropping
on a legitimate authentication session.
If the RPG parameter is empty (AT+iRPG=''), remote updates of W24 configuration parameters are
fully restricted. In other words, it is not possible to update configuration parameter values using a
remote browser. Conversely, if the RPG parameter contains an asterisk (*) character (match any), the
configuration parameters can be updated freely, without requiring authentication at all.
The Parameter Tags defined in the application website are secured from remote updates in the
same manner as the W24 configuration parameters. In this case, the authentication password is
stored in W24's local parameter WPWD (Web Password). If the WPWD parameter contains a
value, a remote user needs to issue this value as an authentication password in order to gain
update access to the application level Parameter Tags. As with the RPG parameter, if
WPWD is empty, application level Parameter Tags are fully restricted, whereas when WPWD
contains an asterisk (*), updates are unrestricted and authentication is not required.
When authentication is required, W24's web server automatically issues an authentication form to
the remote browser in response to an attempt to update Parameter Tags. This procedure allows the
application site to include HTML submit instances anywhere in the website without worrying
about the authentication process. Authentication is automatically activated depending on the local
value of the WPWD parameter.
Authentication needs to be submitted only once per session in order to enable browsing,
Parameter Tags, or W24 configuration updates. In addition, authentication automatically expires
after 10 minutes of inactivity.
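The following Python sketch is an added example, not code from the manual or from W24 firmware. It models the behaviour described above: the three RPG/WPWD cases, a fresh random number per authentication attempt, and the 10-minute inactivity expiry. The token construction (SHA1 over random number plus password) and the names Device, policy and make_token are assumptions, since the manual does not give the exact formula.

```python
import hashlib
import hmac
import secrets

IDLE_LIMIT = 10 * 60  # seconds; the manual's 10-minute inactivity expiry

def policy(value):
    """Classify an RPG or WPWD value into the manual's three cases."""
    if value == "":
        return "restricted"   # remote updates are never allowed
    if "*" in value:
        return "open"         # updates allowed with no authentication
    return "auth"             # challenge-response required

def make_token(password, nonce):
    # ASSUMED construction: SHA1 over nonce + password, hex encoded.
    return hashlib.sha1((nonce + password).encode()).hexdigest()

class Device:
    """Hypothetical model of the server side; not W24 firmware code."""
    def __init__(self, password_param):
        self.param = password_param
        self.pending = set()      # nonces issued and not yet used
        self.last_seen = None     # time of last authenticated activity

    def challenge(self):
        nonce = secrets.token_hex(16)   # fresh random value per attempt
        self.pending.add(nonce)
        return nonce

    def login(self, nonce, token, now):
        if policy(self.param) != "auth" or nonce not in self.pending:
            return False
        self.pending.discard(nonce)     # single use: a replay finds no nonce
        ok = hmac.compare_digest(token, make_token(self.param, nonce))
        if ok:
            self.last_seen = now
        return ok

    def may_update(self, now):
        kind = policy(self.param)
        if kind != "auth":
            return kind == "open"
        if self.last_seen is None or now - self.last_seen > IDLE_LIMIT:
            return False
        self.last_seen = now            # activity refreshes the timer
        return True
```

A captured random number and token cannot be replayed, but the pair still lets an eavesdropper test password guesses offline, so the stored password should be long and hard to guess.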
Parameter Update Error Handling
An attempt to assign an illegal value to a parameter will fail and a string containing the relevant
error message will be stored in a special W24 Parameter Tag named WST (Web Server Status).
This value can be displayed in the page as any other parameter value (using ~WST~). For
example:
<b>Update Error Message: ~WST~</b>
File Types Supported by W24's Web Server
• The following files can include parameter tags:
  .HTM, .HTML, .JS, .VBS, .INC, .STM, .XML, .XSL, .HTC, .CSS, .WML, .WMLS, .XHTML
• The following files cannot include parameter tags:
  .CLASS, .GIF, .JPG, .PDF, .DOC, .PPT, .BMP, .XLS, .WMLC, .WMLSC, .WBMP










