mrmohr
New Contributor
15 years ago

Encryption does not hide the Endpoint userid and password

I just downloaded the 3.5 Beta and tried out the new Encryption.
Pros:
  The passwords are hidden from the users.
  The encryption hides all the data about a project.

Con:
  HOWEVER, the userid and password to the "End Point" (maybe the most valuable piece of data) are still shown in clear text within the XML.  You cannot see it from the application, but if you open the XML with a text editor, there they are in clear text!
  I believe that they are ALSO stored in the encrypted portion of the message because I can delete the userid and password with the editor, save the file and successfully re-open with SoapUI and it retains the userid and password AND repopulates them in the unencrypted portion of the XML.

Is there a fix for this on the horizon?
Thanks,
Mike Mohr

2 Replies

  • mrmohr
    New Contributor
    1.   "New" encryption.   =>   I had an old version of SoapUI.  It would display the WS authentication login and password for each "request" in clear text.
          Now they are hidden with asterisks.  (very nice)

    2.   If you password protect a "project", the majority of the contents of the .XML project file are encrypted.  (very nice!   And yes this is what I had in mind.)
          A.   Userids and Passwords that are included in the properties of EACH "request" are also encrypted with the request.   (Also very nice!)
          B.   One can specify a Userid and Password with the “Service Endpoint”* so that each request does not have to specify a userid and password.
                 However, when I specify a Userid and Password on the “Service Endpoint” tab, those Userids and Passwords are stored in the XML of the Project in CLEAR TEXT!
                 (not nice.)  (even with a global password and a project password specified)

                 Interestingly enough, I can go into the .XML with a text editor and remove the userid and password and save it, but somehow SoapUI still knows what those values are and REPOPULATES THEM! 

    Thanks,
    Mike

    * Quote from SoapUI help page (http://www.soapui.org/userguide/requests.html)
    Authentication
    If the service requires authentication, soapUI will attempt to authenticate using the specified username, password, or domain values specified either at the endpoint level via the Service Endpoints or those specified in the Request Details Tab (or a combination of both). Currently supported authentication types are those supported by HttpClient, i.e. Basic, Digest and NTLM authentication. SSL should work (=not tested!) if you use https urls and install JSSE accordingly.
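
A check for the behaviour reported in this thread, as an added example that is not part of the original posts and is not SoapUI code: it walks a project XML file and reports credential-like attributes or elements that still hold a non-empty cleartext value, without printing the value. The sample document and its element and attribute names are constructed assumptions, not the real SoapUI project schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real SoapUI project file: element and attribute
# names are assumptions chosen only to exercise the scanner.
SAMPLE_PROJECT = """<project name="demo">
  <encryptedContent>Y29uc3RydWN0ZWQ=</encryptedContent>
  <endpointStrategy>
    <endpoint username="svc_account" password="constructed-secret">https://example.invalid/ws</endpoint>
    <endpoint username="" password="">https://example.invalid/ws2</endpoint>
  </endpointStrategy>
  <settings>
    <setting id="ProxyPassword">another-constructed-secret</setting>
  </settings>
</project>
"""

# Field names that usually carry credentials.
CRED_NAME = re.compile(r"user|login|pass|secret|credential", re.I)


def local(name):
    """Strip an XML namespace prefix ('{uri}tag' -> 'tag')."""
    return name.rsplit("}", 1)[-1]


def find_cleartext_credentials(xml_text):
    """Return (path, field, kind) for each non-empty credential-like value."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{local(elem.tag)}"
        for attr, value in elem.attrib.items():
            if CRED_NAME.search(local(attr)) and value.strip():
                findings.append((here, local(attr), "attribute"))
        # Leaf elements named (or id-tagged) like a credential, holding text.
        label = f"{local(elem.tag)} {elem.attrib.get('id', '')}"
        if CRED_NAME.search(label) and (elem.text or "").strip() and not len(elem):
            findings.append((here, elem.attrib.get("id", local(elem.tag)), "text"))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for path, field, kind in find_cleartext_credentials(SAMPLE_PROJECT):
        print(f"cleartext {kind} {field!r} at {path}")  # the value is never printed
```

Running it against a project file before sharing or committing it shows whether any credential sits outside the encrypted portion.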