Mask global parameters in Data Binding and Report files
When using the ************************* plugin for example, all the Report files that will be sent to the **** board contain your credentials (defined in the global parameter section) such as the user name and the password. This is a huge security issue because everyone who has access to the board can actually download the Report files and search for the password defined as $Jira_Password = 'abc' for example.
Anonymous
shared this idea
2 comments
-
When passing through login credentials I recommend to use a simple data source as it allows to mask your data: https://www.ranorex.com/help/latest/data-connectors/simple-data-table
This way your password is masked in the report. Keep in mind that the password is saved plaintext in the .rxtst file.
Best regards
The Product Management Team -
Kevin Boutsen
commented
Even one step further, many times the solution is stored in a source control with those global parameters filled in. Meaning they are readable as well --> security risk.
Better is to seperate the parameters to 2 different files.
One acting as a placeholder ( this should be pushed to source control ) and a other version holding the actual values.
Most of the times the actual values version will be created in the CI chain for example with Chef. This makes it also a lot easier to work with different environments.
