Author: Yann Spöri
05. March 2019

Password encryption

Sensitive information such as passwords should be treated with care. However, tests often need to fill out a login form and therefore need to know the password.

To keep passwords safe, you can tell QF-Test to encrypt them. To do so, find the "Text input" node that enters the password into the password field. In this node, right-click the text attribute, then choose "Crypt password".

When executing this text input step, QF-Test decrypts the encrypted password in order to enter it into the corresponding password field. The decrypted password will not be mentioned in the run-log or other reports created by QF-Test.

Remarks

  • It is a good idea to set a salt in order to improve the password encryption. To do so, open the options dialog (menu: Edit → Options...), open the replay options and set a random string as the password encryption salt.

    As the salt plays an important role in the password encryption/decryption algorithm, it has to be set before the password is encrypted.

  • The salt is saved in the system.cfg. By ensuring that all QF-Test instances in your network use the same system.cfg configuration file, you can ensure that all of them can encrypt and decrypt the password. The "-systemcfg " command-line argument may be used to ensure this.
  • Pay attention: anyone who has both the password salt and the encrypted password is able to decrypt your password.
