05. March 2019
Password encryption
Sensitive information like passwords should be treated with care. However often tests need to fill out a login form and thus these tests require to know the password.
In order to keep passwords save, it is possible to tell QF-Test to encrypt them. This may be done by finding the "Text input" node that is inputting the password into the password field. In this node right-click the text attribute, then chose "Crypt password":
While executing this input text step, QF-Test will then decrypt the encrypted password in order to input the password in the corresponding login password field. The decrypted password will not be mentioned in the run-log or other reports created by QF-Test.
Remarks
- It is a good idea to set a salt in order to improve the password encryption. In order to do so open the options dialog (menu: Edit → Options...). In this dialog open the replay options and set a random string as password encryption salt:
As the salt plays an important role in the password en-/decrypting algorithm, the salt has to be set before the password gets encrypted.
- The salt is saved in the system.cfg. So by ensuring that all QF-Tests instances in your network are using the same system.cfg configuration file, you can ensure that all QF-Test instances can encrypt/decrypt the password. The "-systemcfg " commandline argument may be used in order to ensure this.
- Pay attention: Everyone who has both, the password salt and the encrypted password has the possibly to decrypt your password.