Onboard Selenium IDE to Firm. Need help with questions wrt data privacy


Bunty

Jan 23, 2022, 11:37:20 PM
to Selenium Users
Hi,

I am a huge fan of Selenium IDE for Chrome. But to onboard it to the investment firm where I work, I would need some help in answering a few questions w.r.t. data privacy and usage.

1) What type of data is handled by the extension? Is any PII data at risk?
2) Does this plugin require opening a local PC port?
3) Use of jars/libraries by the extension. Can we configure where the extension should point for Selenium jars/Chrome binary?
4) Ask on damage potential:
a) If attackers gain access to the plugin, what's the worst situation that would arise?
b) If tampered data (steps recorded) is stored in storage for further use by users?
c) Please measure the impact in case of system compromise (Reputation/Regulatory/Financial | High/Moderate/Low).
5) Can I restrict the plugin, once onboarded, to be used for specific domains and environments alone?
6) Is there any enterprise edition available?
7) If onboarded, will there be any data the extension feeds to the external world?
8) With newer versions of Chrome coming up, will the extension stop working? Can we change the dependent libraries ourselves?

Thanks in advance

Regards,
Diptanu

Ned Thompson

Feb 8, 2022, 11:17:46 PM
to Selenium Users
If you record PII as input, that input value will be stored somewhere. I'm not exactly sure how it's stored, but a simple test recording will blatantly show you that it's storing the value (see screenshot). If you export the recording as a script, the input values will be hardcoded in that script. The good news is that Selenium is open source, so your firm can have a look and decide for themselves - https://github.com/SeleniumHQ/selenium-ide

If you're using Selenium as a testing tool, this shouldn't be an issue. I could see some cases where you might need to pass live PII through a test, but I imagine those would be rare and need to be carefully handled by a framework that reads live PII data from an encrypted secrets file, not from some quick test recording.

I believe the fact that Selenium is open source answers most of your questions.
2022-02-08_23h06_16.png
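One way to check recordings for the stored-input issue described in the reply above, as an added example that is not part of the thread or of the Selenium project: it scans a Selenium IDE project file for `type`/`sendKeys` steps whose recorded value looks like an email address, an SSN-style number or a Luhn-valid card number. The `.side` JSON layout, the constructed sample and all function names are assumptions.

```python
import json
import re

# Constructed sample project. The tests -> commands -> command/target/value
# layout is an assumption about the .side export, not shown in the thread.
SAMPLE_SIDE = json.dumps({"tests": [{"name": "open account", "commands": [
    {"command": "open", "target": "/signup", "value": ""},
    {"command": "type", "target": "id=email", "value": "jane.doe@example.com"},
    {"command": "type", "target": "id=card", "value": "4111 1111 1111 1111"},
    {"command": "type", "target": "id=ref", "value": "1234 5678 9012 3456"},
    {"command": "sendKeys", "target": "id=ssn", "value": "000-12-3456"},
    {"command": "type", "target": "id=password", "value": "${PASSWORD}"},
]}]})

INPUT_COMMANDS = {"type", "sendKeys"}    # steps that carry typed input
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
VARIABLE = re.compile(r"^\$\{\w+\}$")    # filled in at run time, nothing recorded

def luhn_ok(digits):
    """Card checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Return a label for a recorded value that looks like PII, else None."""
    if VARIABLE.match(value):
        return None
    if EMAIL.search(value):
        return "email"
    if SSN.search(value):
        return "ssn-like"
    m = CARD.search(value)
    if m and luhn_ok(re.sub(r"\D", "", m.group())):
        return "card-number"
    return None

def scan_side(text):
    """List (test name, step number, target, label) for suspicious inputs."""
    findings = []
    for test in json.loads(text).get("tests", []):
        for idx, cmd in enumerate(test.get("commands", []), 1):
            kind = classify(cmd.get("value", "")) if cmd.get("command") in INPUT_COMMANDS else None
            if kind:
                findings.append((test.get("name"), idx, cmd.get("target"), kind))
    return findings
```

The reference-number step and the `${PASSWORD}` variable step are not reported: the first fails the Luhn check, and the second holds no recorded value.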