Protecting WSS Passwords in SOAP UI Project files

Question

We want to buy SOAP UI PRO but our company's security polciy say no passwords can be stored in clear text. WSS Passwords are stored by default in the project file. There is an option to encrypt the SOAP UI project file from within SOAPUI.
Question:
What security algorithm is used and what is the cipher strength ?

I see there are also ways to set passwords dynamically from the SoapUILoadTestRunner class. Would this be a better option than just encrypting the entire file ?

smartbear_suppo · Answer

Hi!soapUI uses the PBE encryption provided by the not-yet-commons-ssl library (http://juliusdavies.ca/commons-ssl/pbe.html), it uses DES-3 (168 bit keys) by default.You could definitely have passwords stored externally and create a script in soapUI that reads and sets them accordingly when running your tests.regards!/Oleeviware.com

silverja · Answer

Is the PBE encryption level still the same in version 4.5.1?

Forum Discussion

Protecting WSS Passwords in SOAP UI Project files

2 Replies

Recent Discussions

Signature\Encryption tags missing in Security Header

CVE-2024-7565 and CVE-2017-16670 vulnabilities

Vulnerabilities found in SoapUI 5.9.1

Related Content

Sentinel Admin control control is password protected

How to open a password protected excel workbook in TestComplete?

Cannot run loadtestrunner because the project is protected