Professional Documents
Culture Documents
User Guide
PML Disclaimer
1.1 AVEVA does not warrant that the use of the AVEVA software will be uninterrupted, error-free or free from
viruses.
1.2 AVEVA shall not be liable for: loss of profits; loss of business; depletion of goodwill and/or similar losses; loss of
anticipated savings; loss of goods; loss of contract; loss of use; loss or corruption of data or information; any
special, indirect, consequential or pure economic loss, costs, damages, charges or expenses which may be
suffered by the user, including any loss suffered by the user resulting from the inaccuracy or invalidity of any data
created by the AVEVA software, irrespective of whether such losses are suffered directly or indirectly, or arise in
contract, tort (including negligence) or otherwise.
1.3 AVEVA shall have no liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software where the faulty performance of the AVEVA software results from a user's
modification of the AVEVA software. User's rights to modify the AVEVA software are strictly limited to those set out
in the Customisation Manual.
1.4 AVEVA shall not be liable for any breach or infringement of a third party's intellectual property rights where such
breach results from a user's modification of the AVEVA software or associated documentation.
1.5 AVEVA's total liability in contract, tort (including negligence), or otherwise, arising in connection with the
performance of the AVEVA software shall be limited to 100% of the licence fees paid in the year in which the user's
claim is brought.
1.6 Clauses 1.1 to 1.5 shall apply to the fullest extent permissible at law.
1.7. In the event of any conflict between the above clauses and the analogous clauses in the software licence
under which the AVEVA software was purchased, the clauses in the software licence shall take precedence.
PML Copyright
Copyright and all other intellectual property rights in this manual and the associated software, and every part of it
(including source code, object code, any data contained in it, the manual and any other documentation supplied
with it) belongs to, or is validly licensed by, AVEVA Solutions Limited or its subsidiaries.
All rights are reserved to AVEVA Solutions Limited and its subsidiaries. The information contained in this document
is commercially sensitive, and shall not be copied, reproduced, stored in a retrieval system, or transmitted without
the prior written permission of AVEVA Solutions Limited. Where such permission is granted, it expressly requires
that this copyright notice, and the above disclaimer, is prominently displayed at the beginning of every copy that is
made.
The manual and associated documentation may not be adapted, reproduced, or copied, in any material or
electronic form, without the prior written permission of AVEVA Solutions Limited. Subject to the user's rights, as set
out in the customisation manuals to amend PML software files contained in the PDMSUI and PMLLIB folders and
any configuration files, the user may not reverse engineer, decompile, copy, or adapt the software. Neither the
whole, nor part of the software described in this publication may be incorporated into any third-party software,
product, machine, or system without the prior written permission of AVEVA Solutions Limited, save as permitted by
law. Any such unauthorised action is strictly prohibited, and may give rise to civil liabilities and criminal prosecution.
The AVEVA software described in this guide is to be installed and operated strictly in accordance with the terms
and conditions of the respective software licences, and in accordance with the relevant User Documentation.
Unauthorised or unlicensed use of the software is strictly prohibited.
Copyright 1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved. AVEVA shall not
be liable for any breach or infringement of a third party's intellectual property rights where such breach results from
a user's modification of the AVEVA software or associated documentation.
AVEVA Solutions Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.
PML Trademark
AVEVA and Tribon are registered trademarks of AVEVA Solutions Limited or its subsidiaries. Unauthorised use of
the AVEVA or Tribon trademarks is strictly forbidden.
AVEVA product/software names are trademarks or registered trademarks of AVEVA Solutions Limited or its
subsidiaries, registered in the UK, Europe and other countries (worldwide).
The copyright, trademark rights, or other intellectual property rights in any other product or software, its name or
logo belongs to its respective owner.
Revision Sheet
Date
Version
Comments / Remarks
Issued
January 2012
January 2013
12.1.SP2
Fix
Contents
Page
PML Publisher
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
Serious Warnings About Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1:1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:1
2:2
2:3
2:3
2:3
2:3
2:3
2:4
2:4
2:5
2:5
2:5
Buffering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:6
Editing Published PML Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:6
12 Series
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:8
Single File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Folder of Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Simple PMLLIB Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restrict who can use an Encrypted File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Full Worked Example: Encrypting PMLLIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2:8
2:8
2:8
2:8
2:8
ii
12 Series
Introduction
PML is the AVEVA Programmable Macro Language. You can find details of the language in
the Software Customisation Guide and the Software Customisation Reference Manual.
PML functions, objects forms and macros may be encrypted using the tools described in this
guide, and once encrypted may be used within the software, but may not easily be read.
Encrypted PML files may be used in any compatible AVEVA program without an additional
license (see Using Encrypted Files). The encryption utility described in Using the PML
Encryption Utility Program is separately distributed and licensed.
Please note that the encryption used is of limited strength, and is not secure against all
possible attacks - for details of the encryptions used, see Encryption Algorithms.
If you have existing encrypted files encrypted with the old encryption type 3 (as used in
"Early Adopter" releases of 11.5.SP2 and 11.6.SP4 in 2007), you must re-encrypt the
original source to the new encryption type 4 if you wish to use them with 12-series releases,
11.6 Series SP4.9 and above or 11.5 series SP2.11 and above.
1.1
AVEVA may, from time to time, and at its sole discretion, change certain PML
encryption algorithms. Customers must therefore acknowledge that existing encrypted
PML applications may not work with the new encryption algorithms. On receipt of the
new encryption algorithms Customers will need to re-encrypt the source code of the
PML applications and therefore the customer must keep a record of the full and current
PML source code.
Please note that AVEVA makes no guarantees or warranties as to the security of the
encryption warranties and the customers use such encryption algorithms at their sole
risk.
The encryption used by PML publisher is shared by all users. If you encrypt a file for
use in your company, it can be run by all users of a compatible version of the software,
whether or not they are part of your company. (See Examples for some example code
to help address this issue).
If you wish the use the same encrypted file with different program versions you must
check each version for compatibility.
Once a PML file has been encrypted, it can no longer be read or edited. When you
publish a file make sure that you retain a safe copy of the original file, in case you want
to make further modifications to it later, or in case a new encryption algorithm is
required.
The PML Publisher does not include a decryptor for encrypted files.
1:1
12 Series
1:2
12 Series
2.1
Possible Workflow
pmlencrypt.exe, the encryption utility program supplied with this release, is a commandline program designed to be included in your PML software development process.
One possible workflow would be:
Make sure that you have a current backup of the source PML
No tool is supplied to decrypt an encrypted file, so it is very important that you keep
good backups, in case you overwrite the source PML with an encrypted version.
Encrypt from the copied location back to the source location. This will overwrite
recognised PML files with encrypted versions, and leave other files untouched.
Compare the source and copy locations to make sure that all the files you wish to be
encrypted are encrypted.
Consider writing a batch file, a perl script, or a PML script to automate this procedure for
your particular environment, to make it easy to create the encrypted PML environment
correctly each time the source PML is updated.
2.2
Licensing
The pmlencrypt.exe utility program requires a PML Publisher license in your license file
(the feature name is VPD-PMLPUBLISHER). If this is not present then the program will not
run.
2.3
Help
If pmlencrypt.exe is run without arguments, or with an invalid set of arguments, then a
summary similar to this is output. The options are explained further in the following sections.
2:1
12 Series
2.4
-rc4
-basic
-trivial
-none
-buffer N
-folder
-pmllib
-pass
-passfile
-noofpass
from_path
to_path
Choosing Files
PML files are not required to have particular file extensions. PML2 Functions, Objects,
Forms and Macros are normally stored in files with the extensions .pmlfnc, .pmlobj,
.pmlfrm and .pmlmac respectively, but other PML files, such as those in the pdmsui folder
of an installation have no extension at all, and a PML file with any extension may be read
with a $m command.
You must therefore be careful, when choosing files to encrypt, that you only encrypt PML
files. Other files, such as icon images and configuration files cannot be used by the software
when encrypted.
2.4.1
2:2
12 Series
2.4.2
use the windows "short name" for the files affected, if available.
Single File
If neither of the -folder or -pmllib options are used the from_path and to_path arguments
are taken to be single file-names or paths (which must not include embedded spaces). The
to_path file is created or overwritten, as appropriate.
This option may be used whenever you have a single file to encrypt, and can also be useful
within a script, where the file selection is handled by the script itself.
No assumptions are made about file extensions.
To encrypt a single file with one or more spaces in its name, move it into a folder without
spaces in its name, and then encrypt the contents of that folder with the -folder option. See
above for wide-character filenames.
2.4.3
2.4.4
2.4.5
File/Folder Paths
Be careful when you give the from_path and to_path arguments that they are in that order
-otherwise you may overwrite the wrong file.
The from_path and to_path arguments cannot be identical - this is to reduce the risk of
accidental overwriting of the source-files.
2.4.6
2:3
12 Series
For non-Unicode target systems (eg 12.0 series) encrypted Unicode files will not be
suitable, and you must ensure that the expected encodings match between the encrypting
and running systems if characters beyond the ASCII range are required.
Encrypted files use only ASCII characters, and therefore do not require a byte-order-mark.
2.5
Encryption Algorithms
2.5.1
It is implemented using the Microsoft Base Cryptographic Provider, which is included in,
among other operating systems, Windows 2000 and Windows XP. It is also included with
Microsoft Internet Explorer version 3.0 or later. 40-bit keys are used, to operate within
limits imposed at one stage on exports of encryption technology.
It is therefore expected that all compatible computers will include the libraries required for
this algorithm.
Please note that even this encryption is of limited strength, and is not secure against all
possible attacks.
If you have existing encrypted files encrypted with the obsolete encryption type 3, you must
re-encrypt the original source to encryption type 4 if you wish to use them with versions
12.X, 11.6.SP4 and above or 11.5.SP2 and above.
2.5.2
6 2006) >--
This format was the default for "Early Adopter" releases with 11.5.SP2 and 11.6.SP4.
AVEVA released updated 11.5.SP2 and 11.6.SP4 versions supporting encryption type 4
instead of encryption type 3 in 2008.
If you have existing encrypted files encrypted with encryption type 3, you must re-encrypt
the original source to encryption type 4 if you wish to use them with version 12.X, or with the
updated 11.5.SP2 and 11.6.SP4.
2:4
12 Series
2.5.3
This algorithm is less secure than the RC4 algorithm, and is not recommended for general
use.
2.5.4
2.5.5
You might choose to use this if you want to buffer the file for improved speed of access
(particularly for widely used PML objects or functions accessed over a relatively slow
network). For example, a file with the header
--<000-5>-- Published PML 1.1 >--
2:5
12 Series
will be kept in memory after it has been read five times during a session.
2.6
Buffering
Decrypting a PML file takes longer than reading a plain-text version, and in some
circumstances PML files may be re-read many times during a session. (A new command
PML STATISTICS displays information on the numbers of times each file has been read and
some extra information useful to AVEVA when testing the Published PML facilities).
In order to reduce the time taken to re-read the files, Published PML files may contain a
buffering directive in the header-line (the first line in the file). If a dash and a number are
included directly after the three-digit encryption algorithm ID, then the software will retain the
file in memory indefinitely once it has been read that many times.
You may wish to edit heavily used files to add buffering to the header by hand, or may use
the -buffer 5 option of pmlencrypt.exe to include a "buffer after five reads" tag in
each file encrypted.
A value of five is a good number to start with. Many files are read precisely once during
module start up - there is little benefit in buffering those files, and a value of five will avoid
that, but apply to all heavily used files.
If a file you are actively developing has a header including buffering, it will not be re-read as
often as you are used to. To force all buffered files to be cleared from memory if they are not
in current use, you can issue the PML REHASH or PML INDEX commands, or switch
modules.
2.6.1
2:6
12 Series
2.7
Do not use any of |'@$/* as these may have special meanings in command syntax
If you use any non-ASCII characters (eg etc) use the -passfile option to read the
password(s) from a utf8 file with a Byte-order-Mark to avoid differences in encoding
causing problems.
Do not use the -pass option with passwords including spaces or any other nonAlphanumeric ASCII characters
If you require more than one password you may use either of the following approaches;
Put the passwords in a text file - one on each line - and then use a -passfile command
Examples:
2:7
12 Series
Fexc5kmFRfc
ll4f6DedrfggFr
2.8
Examples
2.8.1
Single File
To encrypt a single file with the RC4 algorithm:
pmlencrypt
2.8.2
raw.txt
encrypted.txt
Folder of Files
To encrypt a folder of files with the basic algorithm and buffering after three reads:
pmlencrypt -basic -buffer 3 raw_folder .folder
2.8.3
2.8.4
2.8.5
Check that the files and folders you will be working with have current backups. If delete
or overwrite your only copies of a file there is no way to get it back from an encrypted
version.
Find the PMLLIB folder you wish to encrypt, and make sure that no-one is using it. In
this example I will assume that the folder is called 'pmllib' and that the PML Publisher
encryption utility has been installed in the same folder.
2:8
12 Series
Make a complete writeable version of the pmllib folder and all its contents in the original
location:
xcopy /E /I pmllib_original pmllib
Encrypt from the pmllib_original back to pmllib (this will replace with encrypted versions
all files that have .pmlmac, .pmlfrm, .pmlobj or .pmlfunc extensions, but leave other
files unchanged)
.\pmlencrypt.exe -pmllib pmllib_original pmllib
Before distributing files containing Intellectual Property that you wish to protect you
must check that all the correct files are encrypted. Folder comparison programs (such
as 'Beyond Compare' from Scooter Software) allow you to identify files that were not
changed by the pmlencrypt - for example because they have different file extensions or
because files were read-only.
2:9
12 Series
2:10
12 Series
3.1
Error Messages
You may see the following error messages:
(46,103) PML: Encrypted
file is corrupt or of unknown
format
3:1
12 Series
3:2
12 Series
Index
Buffering . . . . . . . . . . . . . . . . . . . . . . . . . 2:6
Licensing . . . . . . . . . . . . . . . . . . . . . . . . 2:1
U
Unicode and Encodings . . . . . . . . . . . . . 2:3
F
Files
Choosing . . . . . . . . . . . . . . . . . . . . . 2:2
Encrypted . . . . . . . . . . . . . . . . . . . . . 3:1
Folder Paths . . . . . . . . . . . . . . . . . . . 2:3
Folder Tree . . . . . . . . . . . . . . . . . . . . 2:3
in a Folder . . . . . . . . . . . . . . . . . . . . 2:3
Names . . . . . . . . . . . . . . . . . . . . . . . 2:2
Single . . . . . . . . . . . . . . . . . . . . . . . . 2:3
H
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2:1
Index page 1
12 Series