Password encryption

Sensitive information like passwords should be treated with care. However often tests need to fill out a login form and thus these tests require to know the password.

In order to keep passwords save, it is possible to tell QF-Test to encrypt them. This may be done by finding the “Text input” node that is inputting the password into the password field. In this node right-click the text attribute, then chose “Crypt password”:

Encrypt Password QF-Test

While executing this input text step, QF-Test will then decrypt the encrypted password in order to input the password in the corresponding login password field. The decrypted password will not be mentioned in the run log or other reports created by QF-Test.

Remarks

It is a good idea to set a salt in order to improve the password encryption. In order to do so open the options dialog (menu: Edit → Options…). In this dialog open the replay options and set a random string as password encryption salt:

Salt Password encryption

As the salt plays an important role in the password en-/decrypting algorithm, the salt has to be set before the password gets encrypted.

The salt is saved in the system.cfg. So by ensuring that all QF-Tests instances in your network are using the same system.cfg configuration file, you can ensure that all QF-Test instances can encrypt/decrypt the password. The “-systemcfg ” commandline argument may be used in order to ensure this.

Pay attention: Everyone who has both, the password salt and the encrypted password has the possibly to decrypt your password.