jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepak Shetty <shet...@gmail.com>
Subject Re: How to mask/encrypt values sent as an HTTP request parameter
Date Tue, 05 Oct 2010 18:35:04 GMT
> This causes the actual user name/password to be written to the Simple
Results
>file and be displayed in the View Results Tree > Request tab.
There is no way around this as far as I know (unless you are willing to
modify JMeter Source code to suppress certain values). But it only solves
the problem that the password is visible in the listener you could still get
the password if you were motivated enough.

>My company has a rule that user name/passwords cannot be stored in scripts.
And encrypting them and decrypting them just before passing them in(or
within the test itself) should be enough (as you say you are doing).  If
anyone argues that it isnt , consider that there has to be a way for JMeter
to access the actual password and if JMeter can do it , so can any
technically competent person (or simpler just use a proxy and configure
JMeter to use the proxy and you will be able to see the password). . For
e.g. if you encrypt the password with a key , all you need to know is the
key to decrypt the password. The key must be accessible to Jmeter so it must
be accessible to the user running JMeter too. All in all not worth it ,
though you might be able to accomplish what you need in *nix systems (by
making Jmeter run as a different user and only allowing the user to run
JMeter (and restricting even read access to all files) but I dont know
enough of unix to say for sure.





On Tue, Oct 5, 2010 at 11:15 AM, black gaff <joseph.killian@gmail.com>wrote:

>
> In short, does anyone know of a workaround to mask/encrypt values sent as
> an
> HTTP request parameter?
>
>
> My company has a rule that user name/passwords cannot be stored in scripts.
>
> In my JMeter scripts, I've gotten around this by passing the user
> name/password through the command line and storing them as properties to be
> retrieved later.
>
> The user name and password are passed in an HTTP Request as parameters.
> This
> causes the actual user name/password to be written to the Simple Results
> file and be displayed in the View Results Tree > Request tab.
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/How-to-mask-encrypt-values-sent-as-an-HTTP-request-parameter-tp3200142p3200142.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message