cancel
Showing results for 
Search instead for 
Did you mean: 

SessionCreator - improve password security

SessionCreator - improve password security

From its description, we believe SessionCreator could solve several of the problems we've encountered by letting us run a truly headless session, but password security is preventing us from being able to use it. The user account(s) running our tests have access to highly-regulated data and we simply cannot pass the authentication details it in the command line or store it in plain text in a file.

 

Please add support for encrypted passwords, re-using an existing session based on a key of some kind, or some other method so we do not have to have passwords visible in plain text.

7 Comments
Community Leader

You can use the DotNet system to encrypt and decrypt passwords in TestComplete using the built in framework assembly System.Text

The way to do that is to use dotNET.System_Text.xxxxxx and use the encryption algorithem of your choice.

 

You can also use something like the Azure KeyVault and keep all your encrypted passwords there and retrieve them with an API call during the execution of the test without every having access to the passwords in the test.

 

Cheers

Lino

Community Hero

While @LinoTadros is correct in what he's mentioning concerning encrypted passwords, in this case, unfortunately, I'm not sure it applies.  The SessionCreator tool that ships with TC is a commandline uitlity with a password command line switch that, at this time, is not encrypted.

Contributor

@tristaanogre - that's exactly what I was about to say. The suggestions are appreciated, but look like they're downstream from where we need the passwords to be protected.

Community Leader

Sorry about that, I missed the "SessionCreator" part.

My apology

-Lino

Contributor

CI systems like Jenkins can encrypt passwords and save it securely. So if you use SessionCreator with CI system your password could be hidden.

Contributor

@Bobik - we have a homegrown command line tool that we use for kicking off the tests. We have jenkins and use it in some cases, but we'd get the most value from being able to run them from the command line.

ml
Contributor

Isnt it possible that TC can cooperate with Windows Accounts? Also see this request https://community.smartbear.com/t5/TestComplete-Feature-Requests/Network-Suite-Auto-User-Login/idi-p...