2

For login page: I need to login with username and password, I should pass the password in encrypted format. While so I would need to save the password encrypted in test data. While sending password to that field I should decrypt and send that in selenium script. it is necessary. Any secret key or password must be encrypted with any logic.

Security is the most important thing. Password should be in encrypted form. Cross-browser: How to perform cross browser testing

Anybody please help me to perform password encryption and multiple browser configuration:

package util;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
/**
 * Created by naveen on 29/11/16.
 */
public class DriverManager {
 public static WebDriver driver;
 String baseUrl="http://qmsadm/";
 public DriverManager()
 {
 System.setProperty("webdriver.chrome.driver","/home/naveen/chromedriver");
 driver=new ChromeDriver();
 driver.get(baseUrl);
 driver.manage().window().maximize();
 }
}
package login;
import org.testng.annotations.*;
import org.testng.Assert;
import pageobjects.HomePage;
import steps.LoginSteps;
import util.DriverManager;
public class loginTest2
{
 @BeforeSuite(groups = {"regression"})
 public void initDriver(){
 DriverManager manager = new DriverManager();
 } 
 @Parameters({"userName","password"})
 @Test
 public void verifyValidLogintoSpree(String userName, String password)
 {
 LoginSteps loginSteps = new LoginSteps();
 HomePage expected_message=loginSteps.Login(userName,password);
 Assert.assertEquals(expected_message,"MY ACCOUNT");
 }
}

testng.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
 <suite name="Regression">
 <parameter name="userName" value="geosony"/>
 <parameter name="password" value="1"/>
 <test name="regression">
 <groups>
 <run>
 <include name="regression"/>
 <exclude name="sanity"/>
 </run>
 </groups>
 <classes>
 <class name="login.loginTest"/>
 </classes>
 </test>
</suite>
asked Jan 19, 2017 at 9:07
1
  • Actually we are struggling with something similar, but your question is way too long and with unnecessary details. Can you shorten it and leave only the basic question ? it is also probably not related to language, environment or test tool. Finally, you can ask in the DevOps stackexchange or related SW engineering ones- this is a classsic deployment problem, how do you deploy passwords (to DBs or services) in a secure way Commented Jan 19, 2017 at 9:31

3 Answers 3

3

Instead of putting the password hardcoded (encrypted or not) in the test-data I would create a test-user for each separate test-run with a random-password only known to the test-run.

Simplest way is to insert a new user into the database similar as the application would do from the management views. I would ask my developers to help me with this as they know how the management views create the users. Preferable I would let the tests re-use the same code.

Also you could block access to the test-environment from the internet. Let say only accessable from the developers desktops and continuous integration servers. If so I really do not see an issue with putting a password in a text-file really.

Encryption will not help as the decryption key also needs to be included in the code. Or in a separate file which you need to share with everyone who wants to run the test, including any servers. Here is some code for Java to en/de-crypt a string: https://stackoverflow.com/questions/4487525/encrypt-and-decrypt-a-string-in-java Store the SecretKey in a config file you read from disk and don't commit this file to the source code or else anyone can decrypt it again. This separate file thing feels like to much work if you ask me.

answered Jan 20, 2017 at 18:03
2

Note that no matter what tool or software you are using (Selenium, Webdriver, Ranorex, Kantu Browser,...), all passwords must be decrypted before sending them to the web browser. At this point any malicious person/hacker/tool can view them in plain text. Here is one way how to do it.

So passwords used for web testing are never secure, they are obfuscated at best (= making it a bit harder to steal, but not impossible).

Bharat Mane
6,78512 gold badges42 silver badges69 bronze badges
answered Jan 19, 2017 at 9:49
3
  • I got the password text. but how to secure my password and how to do in selenium ? Commented Jan 19, 2017 at 11:02
  • There is no way to secure it. The best you can do is to store the passwords in encrypted form (= secured at rest). But Selenium needs to decrypt it and send the PLAIN TEXT password to the browser. The best solution is to use passwords that are test accounts, and contain no important information. The second best is to make sure you control the access to the test machines, so only authorized persons can access it. Once at the test machine, everyone can get the passwords. Commented Jan 19, 2017 at 11:27
  • can you please add the code about password encryption and decryption Commented Jan 19, 2017 at 12:14
0

Please use the below utility to encrypt and decrypt the test data , easy to use and effective when working with the shared data :

https://youtu.be/A6CPmKUAmT4

answered Feb 12, 2021 at 15:24
1
  • Please review sqa.stackexchange.com/help/how-to-answer specifically the section on Links. Links can go stale. In this case, the YouTube video can be deleted. What are the relevant parts of that video that answers this question? Commented Feb 12, 2021 at 17:49

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.