Ask a Question

Password from SecureStringStorage

sergej_jermakow
New Contributor

Password from SecureStringStorage

Hi,



how can I encrypt my password from SecureStringStorage.dat and set it into Project variable? This is for our security elemental. Would be nice if there's some way to realise this.



Best regarts

Sergej
6 REPLIES 6
AlexKaras
Community Hero

Hi Sergej,



If you are talking about SecureStringStorage.dat from http://support.smartbear.com/viewarticle/9030/, isn't it already encrypted in the file?



If you are concerned that the password is stored in decrypted form in the project variable, then why not to get it right before you need it? You will lose in performance a bit, but I don't think that it will be considerable loss. Anyway, the password will be decrypted before entering into control, so you can always get it by setting a breakpoint or performing a debug print to the log. I.e. security is useless if you have access to debugger and sources and this is the case with almost every test project.
Regards,
  /Alex [Community Hero]
____
[Community Heroes] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Heroes]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Hero] signature is used with permission by SmartBear Software.
https://community.smartbear.com/t5/custom/page/page-id/hall-of-fame
================================
sergej_jermakow
New Contributor

Thank you for the quick answer!

Perhaps I didn't explain good enough... My problem is, the decrypted password can be seen in the "Value"-column of my test-steps (test is a login).

Not only our employees but the customers too can possibly see this. And the customer is very keen on data security. So that's a big problem for us.







We have no experience with this tool to this point, but we think of using it more in future, if it fits our requirements 🙂



Best regards,

Sergej
TanyaYatskovska
SmartBear Alumni (Retired)


Hi Sergej,


 


All your passwords will be stored in the SecureStringStorage.dat file. Thus, in TestComplete, the line of putting the target password to the application's control will look like this:




 var pwd = //loading a password from the file


 Obj.SetText (pwd)


 

---------
Tanya Yatskovskaya
SmartBear Community and Education Manager



sergej_jermakow
New Contributor

Dear Alexei and Tanya,



thanks for your reply. As you might have seen, I want to set a method's name instead of a clear text password. That means, that if TestComplete tries to set the stored "password", it instead runs the method and loads the password.





From the first link I see in general, how a password can be stored.

(I dont' understand, where

secureStorage.Item("secureStorageData").Item("sitePassword") = "MY_SITE_PASSWORD"

comes from, because it is unrelated to previous code.)



What I thought I can do is something like

var passwd = SecureStringStorage.Load(secureStoragePath, login)

=> give path to file and login of required password, get password



Maybe it is enough, if you can post a link where I find the class SecureStringStorage fully described, with all methods and operations. 



It it is easier, we might write in Russian 😉



Thanks,

Sergej
AlexKaras
Community Hero

Hi Sergej,



Not sure that I completely understood what you'd like to do, but based on the provided screenshot and your previous post:

a) You can assign password value to either project or keyword test variable using the Run Script operation and that set the value of the password field using this variable (change the value of the Mode control from Constant to Variable in the operation's properties);

b) I am not sure that SecureStorage file can easily be copied from one machine to another, so, most probably, you will have to initially store required values to the storage on every new machine (by, maybe, using separate script);

c) Script extensions are just zip archives with the .tcx extension. So you can open SecureStringStorage.tcx script extension file and examine the code.



Russian is not used on this forum (as well as any other language except English, though you may contact us privately) as there are other people reading it who may not understand this or that language. For the Russian-only speaking people I can recommend http://software-testing.ru/forum/index.php?/forum/28/ resource, though it is not officially monitored by SmartBear's Support.



P.S. From the screenshot I see that the test automates Remote Desktop login. I would recommend the Remote Desktop Plus application (http://www.donkz.nl/remotedesktopplus/downloads/) which is free and provides a lot of useful functionality in addition to connect using command line with encrypted password.
Regards,
  /Alex [Community Hero]
____
[Community Heroes] are not employed by SmartBear Software but
are just volunteers who have some experience with the tools by SmartBear Software
and a desire to help others. Posts made by [Community Heroes]
may differ from the official policies of SmartBear Software and should be treated
as the own private opinion of their authors and under no circumstances as an
official answer from SmartBear Software.
The [Community Hero] signature is used with permission by SmartBear Software.
https://community.smartbear.com/t5/custom/page/page-id/hall-of-fame
================================
MaheshIllur
Occasional Contributor

hi, I am new to testcomplete

 

Could someone please provide me sample SecureStri​ngStorage.dat file so that I can look into and use accordingly for my requirement.

 

Thank you

Mahesh

cancel
Showing results for 
Search instead for 
Did you mean: