Forum Discussion

marinb's avatar
marinb
Contributor
6 years ago
Solved

Using Project/ProjectSuite password variables in other places than SetText or Keys

So we wanted to make our test data a bit more secure an decided to move the login password strings to the project variables and make it a password, so that it is encrypted and not hardcoded in our script unit anymore.

 

I wanted to do the same thing with the password we use to access the application's SQL database, but found out it didn't work. After reading the information I noticed password variables only work for SetText and Keys.

 

Is there a workaround within TestComplete to also make it work when the password is used in another way?

For example when using it to set an SQL connection string.

  • Here's what we use:

     

    function getDBConnectionString(){
        return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
                SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
                SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
                Project.Variables.SQLpassword.DecryptedValue;
    }

    It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.

5 Replies

  • AlexKaras's avatar
    AlexKaras
    Champion Level 3

    Hi,

     

    > password variables only work for SetText and Keys.

    More detailed description of 'does not work' usually helps to get a faster and more helpful reply...

    My guess is that you are looking for password.DecryptedValue.

     

     

    • marinb's avatar
      marinb
      Contributor

      The documentation literally says it only works for Keys + SetText:

      https://support.smartbear.com/testcomplete/docs/testing-with/variables/data-types/password.html

       

      If you try to use it elsewhere, it looks like this:

          {414EEFD2-6760-437C-B9A7-61FE6CAB07C5}SomeProjectSuitePasswordVar

       

      If there is a decrypt command (DecryptedValue...is that a TestComplete method? Cannot find it in the help) , then won't people be able to decrypt it, defeating the purpose?

      • tristaanogre's avatar
        tristaanogre
        Esteemed Contributor

        Here's what we use:

         

        function getDBConnectionString(){
            return 'MultiSubnetFailover=True;Provider=SQLOLEDB.1;Persist Security Info=False;Database=' + 
                    SMF.SQLUtilities.databaseName + ';Server=tcp:' + 
                    SMF.SQLUtilities.SQLServerName + ',1433;User Id=testcomplete;Password = ' + 
                    Project.Variables.SQLpassword.DecryptedValue;
        }

        It doesn't actually decrypt into plain text on screen, it just passes the Decrypted value through.  No where does that actual value get exposed unless I were to write that string out to a log or something.