Forum Discussion

marinb's avatar
marinb
Contributor
6 years ago
Solved

Using Project/ProjectSuite password variables in other places than SetText or Keys

So we wanted to make our test data a bit more secure an decided to move the login password strings to the project variables and make it a password, so that it is encrypted and not hardcoded in our sc...
  • tristaanogre's avatar
    tristaanogre
    6 years ago

    Here's what we use:

     

    function getDBConnectionString(){
    return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
            SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
            SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
            Project.Variables.SQLpassword.DecryptedValue;
}

    It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.

marinb's avatar
marinb
Contributor

The documentation literally says it only works for Keys + SetText:

https://support.smartbear.com/testcomplete/docs/testing-with/variables/data-types/password.html

 

If you try to use it elsewhere, it looks like this:

    {414EEFD2-6760-437C-B9A7-61FE6CAB07C5}SomeProjectSuitePasswordVar

 

If there is a decrypt command (DecryptedValue...is that a TestComplete method? Cannot find it in the help) , then won't people be able to decrypt it, defeating the purpose?

tristaanogre's avatar
tristaanogre
Esteemed Contributor
6 years ago

Here's what we use:

 

function getDBConnectionString(){
    return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
            SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
            SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
            Project.Variables.SQLpassword.DecryptedValue;
}

It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.

  • marinb's avatar
    marinb
    Contributor
    6 years ago

    -edit-

    I had just written an extensive post about the fact it didn't work when I used the DecryptedValue construction, but then I realized there was a \ in the password and we had put in and extra \ since it was sent as a string before. Which needed to be removed again

     

    So it works! Thanks! :)