User/Pass Stored in Plain Text in the XML of Project

Question

Current situation:1)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Projects can be encrypted, so all passwords are encrypted as well in the project file.2)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SoapUI 4.6 had a bug that left some passwords un-encrypted. That was fixed in 4.6.3&nbsp; (https://smartbear.atlassian.net/browse/SOAP-1143).&nbsp;&nbsp;If encryption is used you still have to share the key to decrypt it, so the passwords stored in the project file will be visible to anyone (in the team)&nbsp; that gets the key.Which, in fact should be ok, because any passwords the team needs for accessing the API:s must be accessible for anyone in the team.&nbsp;You shouldn't be storing your own personal passwords in a shared project. The APIs shouldn’t rely on someone’s private pw, they should represent specially created test users.

a212 · Answer

Hi&nbsp;Do I understand correctly?There is no way to read a password from a file that is not a properties file storing&nbsp;the password somewhere in the project?&nbsp;We have to share projects and we are not allowed to have technical users. So every user has to use his own account and password. That way any changes to the database can be traced to a real person. This security policy is not negotiable.&nbsp;To have the own password visible to others is really is a very very bad situation.&nbsp;Can paying customers file a request for improvement somewhere?&nbsp;Sincerely&nbsp;F. Arndt

Forum Discussion

User/Pass Stored in Plain Text in the XML of Project

1 Reply

Recent Discussions

Unable to authenticate license in Ready API Login button unresponsive

Assertions Panel issue to update assertions since update 3.63

ReadyAPI websocket plugin issue

Related Content

Storing project properties

In which files are project variables stored?

Project-level custom properties unable to store locally