security - Strategies for safely storing and using user credentials in testing environments


problem

I am setting up a set of e2e tests on an existing web app. This requires automated login on the login page (mail & password). So far, while still developing the tests, I have been putting the test account credentials in cleartext in the test scripts. I have been removing the credentials manually before each commit, which will not hold up for proper automated testing on a server somewhere, nor if developers should be able to run the tests from the comfort of their own computers. Furthermore, the tests need to be able to run with several different sets of user credentials, and credential safety is critical. Since I need to test access rights, it seems I cannot avoid having at least one test account with access to confidential data.

question

So my question is: what strategies do you know of, or use, for safely storing and using test credentials in testing environments, on developer machines, separate servers, or both?

prior research

I have spent a few days looking around the web (mostly StackOverflow, and many attempts at using google-fu) and asking colleagues, without finding any well-known and widely used strategies for handling and storing credentials in tests. I reckon many skilled programmers must have solved this problem in numerous ways.

StackOverflow kindly suggested these similar questions, which offer interesting strategies:

  • Safely storing credentials when you need to retrieve the password for use: the accepted answer recommends encrypting a configuration file. This seems like an interesting idea, but it is unclear to me how it is distributed across servers and individual developer computers, and how the logistics of that are handled.
  • Storing credentials for automated use: the asker responds to themself, stating that they put the credentials in cleartext in a file on a password-protected server. This might work for a single server, but I think it is problematic if a number of local developer machines or separate test servers are used for testing.

case specifics

I think the question is of general interest regardless of implementation details, but these might be of interest, so they are provided here anyway.

I am using Protractor for testing AngularJS apps, and am considering Grunt for further test automation. I plan on hooking the tests onto our git server, and having the tests run at each commit to the master branch, so we know it is never breaking. Or, at least not breaking during our tests :)

I'm not sure what you mean by 'strategies for safely storing and using user credentials in testing environments'. You state that the tests need to run with different sets of credentials. If the test is able to get the credentials in clear text, so is any other application/user running under the same account.

Sure, you can encrypt the file storing the passwords, but you'd need to store the encryption key somewhere in the application or on the machine for the application to be able to decrypt it.

You could use asymmetric encryption to encrypt the credentials with a public key and give access to the private key to the account running the tests. Still, anyone being able to log on under the account that runs the tests would be able to decrypt the credentials file and get the passwords.

The best option is to not use confidential data in testing. I work for a company doing medical software, and we have a test domain in which we set up our software with well-known accounts and use fake data to test it.

Or if you want other developers to be able to run the tests under their own credentials, consider switching to Kerberos and avoid passwords altogether.
