Password from SecureStringStorage

Hi Sergej,



If you are talking about SecureStringStorage.dat from http://support.smartbear.com/viewarticle/9030/, isn't it already encrypted in the file?



If you are concerned that the password is stored in decrypted form in the project variable, then why not to get it right before you need it? You will lose in performance a bit, but I don't think that it will be considerable loss. Anyway, the password will be decrypted before entering into control, so you can always get it by setting a breakpoint or performing a debug print to the log. I.e. security is useless if you have access to debugger and sources and this is the case with almost every test project.

Thank you for the quick answer!

Perhaps I didn't explain good enough... My problem is, the decrypted password can be seen in the "Value"-column of my test-steps (test is a login).

Not only our employees but the customers too can possibly see this. And the customer is very keen on data security. So that's a big problem for us.







We have no experience with this tool to this point, but we think of using it more in future, if it fits our requirements :-)



Best regards,

Sergej

Dear Alexei and Tanya,



thanks for your reply. As you might have seen, I want to set a method's name instead of a clear text password. That means, that if TestComplete tries to set the stored "password", it instead runs the method and loads the password.





From the first link I see in general, how a password can be stored.

(I dont' understand, where

secureStorage.Item("secureStorageData").Item("sitePassword") = "MY_SITE_PASSWORD"

comes from, because it is unrelated to previous code.)



What I thought I can do is something like

var passwd = SecureStringStorage.Load(secureStoragePath, login)

=> give path to file and login of required password, get password



Maybe it is enough, if you can post a link where I find the class SecureStringStorage fully described, with all methods and operations. 



It it is easier, we might write in Russian ;-)



Thanks,

Sergej

Hi Sergej,



Not sure that I completely understood what you'd like to do, but based on the provided screenshot and your previous post:

a) You can assign password value to either project or keyword test variable using the Run Script operation and that set the value of the password field using this variable (change the value of the Mode control from Constant to Variable in the operation's properties);

b) I am not sure that SecureStorage file can easily be copied from one machine to another, so, most probably, you will have to initially store required values to the storage on every new machine (by, maybe, using separate script);

c) Script extensions are just zip archives with the .tcx extension. So you can open SecureStringStorage.tcx script extension file and examine the code.



Russian is not used on this forum (as well as any other language except English, though you may contact us privately) as there are other people reading it who may not understand this or that language. For the Russian-only speaking people I can recommend http://software-testing.ru/forum/index.php?/forum/28/ resource, though it is not officially monitored by SmartBear's Support.



P.S. From the screenshot I see that the test automates Remote Desktop login. I would recommend the Remote Desktop Plus application (http://www.donkz.nl/remotedesktopplus/downloads/) which is free and provides a lot of useful functionality in addition to connect using command line with encrypted password.