Mask global parameters in Data Binding and Report files
When using the ********************* plugin for example, all the Report files that will be sent to the board contain your credentials (defined in the global parameter section) such as the user name and the password. This is a huge security issue because everyone who has access to the board can actually download the Report files and search for the password defined as $Jira_Password = 'abc' for example.
Anonymous
shared this idea
2 comments
-
When passing through login credentials I recommend to use a simple data source as it allows to mask your data: https://www.ranorex.com/help/latest/data-connectors/simple-data-table
This way your password is masked in the report. Keep in mind that the password is saved plaintext in the .rxtst file.
Best regards
The Product Management Team -
Kevin Boutsen
commented
Even one step further, many times the solution is stored in a source control with those global parameters filled in. Meaning they are readable as well --> security risk.
Better is to seperate the parameters to 2 different files.
One acting as a placeholder ( this should be pushed to source control ) and a other version holding the actual values.
Most of the times the actual values version will be created in the CI chain for example with Chef. This makes it also a lot easier to work with different environments.
