jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepak Shetty <shet...@gmail.com>
Subject Re: How to mask/encrypt values sent as an HTTP request parameter
Date Tue, 05 Oct 2010 19:00:24 GMT
need Source code modification as far as I know BUT
 Whats preventing a user from adding a debug sampler? whats preventing a
user from invoking the same code that decrypts the password ? What security
have you really added? If you really wanted the password to be secure (which
is the policies intent rather than it is not viewable) you will have to work
at an OS level.

If these are critical passwords then why not let the user enter the password
(either at launch time or by modifying the test) (usually not feasible for
Db passwords but may be feasible for website logins).

On Tue, Oct 5, 2010 at 11:39 AM, black gaff <joseph.killian@gmail.com>wrote:

>
> I realize the password could still be obtained with enough motivation.
>
> I'm working towards ensuring the password is written to the Log File nor
> visible in View Results Tree.  It would be great if there was something
> like
> HTTP Authorization Manager or the Login Config Element that worked on HTTP
> Requests
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/How-to-mask-encrypt-values-sent-as-an-HTTP-request-parameter-tp3200142p3200202.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message