cancel
Showing results for 
Search instead for 
Did you mean: 

Using Project/ProjectSuite password variables in other places than SetText or Keys

SOLVED
marinb
Contributor

Using Project/ProjectSuite password variables in other places than SetText or Keys

So we wanted to make our test data a bit more secure an decided to move the login password strings to the project variables and make it a password, so that it is encrypted and not hardcoded in our script unit anymore.

 

I wanted to do the same thing with the password we use to access the application's SQL database, but found out it didn't work. After reading the information I noticed password variables only work for SetText and Keys.

 

Is there a workaround within TestComplete to also make it work when the password is used in another way?

For example when using it to set an SQL connection string.

1 ACCEPTED SOLUTION

Accepted Solutions
tristaanogre
Community Hero

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

Here's what we use:

 

function getDBConnectionString(){
    return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
            SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
            SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
            Project.Variables.SQLpassword.DecryptedValue;
}

It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.


Robert Martin
[Hall of Fame]
Please consider giving a Kudo if I write good stuff
----

Why automate?  I do automated testing because there's only so much a human being can do and remain healthy.  Sleep is a requirement.  So, while people sleep, automation that I create does what I've described above in order to make sure that nothing gets past the final defense of the testing group.
I love good food, good books, good friends, and good fun.

Mysterious Gremlin Master
Vegas Thrill Rider
Extensions available

View solution in original post

5 REPLIES 5
AlexKaras
Community Hero

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

Hi,

 

> password variables only work for SetText and Keys.

More detailed description of 'does not work' usually helps to get a faster and more helpful reply...

My guess is that you are looking for password.DecryptedValue.

 

 

Regards,
  /Alex [Community Hero]
____
[Community Heroes] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Heroes]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Hero] signature is used with permission by SmartBear Software.
https://community.smartbear.com/t5/custom/page/page-id/hall-of-fame
================================
marinb
Contributor

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

The documentation literally says it only works for Keys + SetText:

https://support.smartbear.com/testcomplete/docs/testing-with/variables/data-types/password.html

 

If you try to use it elsewhere, it looks like this:

    {414EEFD2-6760-437C-B9A7-61FE6CAB07C5}SomeProjectSuitePasswordVar

 

If there is a decrypt command (DecryptedValue...is that a TestComplete method? Cannot find it in the help) , then won't people be able to decrypt it, defeating the purpose?

tristaanogre
Community Hero

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

Here's what we use:

 

function getDBConnectionString(){
    return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
            SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
            SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
            Project.Variables.SQLpassword.DecryptedValue;
}

It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.


Robert Martin
[Hall of Fame]
Please consider giving a Kudo if I write good stuff
----

Why automate?  I do automated testing because there's only so much a human being can do and remain healthy.  Sleep is a requirement.  So, while people sleep, automation that I create does what I've described above in order to make sure that nothing gets past the final defense of the testing group.
I love good food, good books, good friends, and good fun.

Mysterious Gremlin Master
Vegas Thrill Rider
Extensions available

View solution in original post

AlexKaras
Community Hero

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

Hi,

 

won't people be able to decrypt it, defeating the purpose?

Considering that you need TestComplete/TestExecute to run test code and that test code is plain text (so you always can either debug it or log whatever you need), the answer is obvious: those who are interested will have no problem to get what they need.

 

Regards,
  /Alex [Community Hero]
____
[Community Heroes] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Heroes]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Hero] signature is used with permission by SmartBear Software.
https://community.smartbear.com/t5/custom/page/page-id/hall-of-fame
================================
marinb
Contributor

Re: Using Project/ProjectSuite password variables in other places than SetText or Keys

-edit-

I had just written an extensive post about the fact it didn't work when I used the DecryptedValue construction, but then I realized there was a \ in the password and we had put in and extra \ since it was sent as a string before. Which needed to be removed again

 

So it works! Thanks! 🙂

 

 

New Here?
Join us and watch the welcome video:
Announcements
Top Kudoed Authors