I think a different strategy might be useful rather than trying to
block out sensitive data. When I read this the first thing that came
to mind is why you would require that a user's plain text password be
used? There are many security issues to consider there.

When testing with a production account we usually have a staging or
test server set up using a dump of the production database. This
environment is only available to users internal to our network. You
could update the password of the account to something meaningless like
"password" or "plaintext". That way no one will see the actual live
account password in the tests or the test results. If you do that
though, you have to be certain that people logging into the account
won't be a problem. This is only an option if you are set up on a
test / staging server.

It's not often I have to do this though. Usually we stick to test
accounts with fake data that isn't a security concern to anyone.
Setting up a test account or just changing the password to a testing
password seems like the best thing to do here.
-Tom