Encrypting Login Information

Greetings, fellow testers. In yesterday's blog post, and the related video, I showed a test that entered a username and password as part of a login process. Hopefully you noticed something disturbing there — storing a password in plain-text and letting it be displayed for all to see. Though perhaps that's ok with non-production systems, it's still not normally something you'd want to do very often.

Fortunately, there are a couple of properties we can set on the test step to control this.

The first one to look at is IsPassword. Changing this to True will mask the password in the step description. Note that no encryption is done, and setting the property back to False will allow the password to be displayed (and changed).

The Encrypt property, when set to True, immediately encrypts whatever text is in the step. This is a one-way operation — Once the property is set to true, it cannot be changed back to false. The text cannot be modified and the step cannot be converted to code. If the password changes, you'll need to delete and re-create this step with the new text.

I recommend having just one test to take care of logins - use Add Test as Step to include this in your other tests. Doing this centralizes your username/password information, reducing the number of places you'll need to change when usernames, passwords or the login page itself changes. This is a good practice, known in the development side of the house as keeping your code DRY — testing should be treated just as seriously and professionally as programming.

Peace,
Steven

About the Author

Steven Vore

Steven Vore is an Evangelist for Telerik's Test Studio. He has worked in software support and testing for the better part of two decades, and enjoys exploring ways to make software easier to use. He is a fan of movies and music, and can often be found on Twitter as @StevenJV.