TestComplete Security: Entering Sensitive Data
During testing, you often need to enter a user name and password to access secure resources like a remote computer or password-protected files. The easiest way to do this is to encode the user name and password in a script or save them to project variables. However, you may not want to do this for security reasons.
A simple solution for this problem is to enter the password manually. In other words, you do not create instructions that will work with the dialog that the application under test displays. When the dialog appears on screen, you enter the user name and password by hand. However, this kind of testing cannot be called “automated”, since your presence is required during the testing process.
Another way to solve this problem is to obtain the user name and password at the beginning of testing, save it, for example, to global script variables, and then use these variables to simulate the user name and password input. To request the user name and password, you can use user forms that are included in TestComplete 5.
Important: The simulation of the text input is normally entered with the
Keys method. When executing this method, TestComplete posts a message to the log reporting the values that have been entered. The password can be seen if someone looks through the log. To avoid this situation, you need to block this data from being posted to the log. This is further described below.
Note that if a project is running in TestComplete, you can see the password if you pause the script and explore the values of global variables in the Evaluate dialog. However, if the project is running in TestExecute, it’s impossible to view these values, since you cannot pause the script execution in TestExecute.
Creating a User Form
To create a user form in TestComplete:
- Add the UserForms project item to your project.
- Right-click this project item in the Project Explorer panel, select Add | New Item from the context menu and then create a new User Form item in the ensuing dialog.
- TestComplete will display the User Form editor in the Workspace panel.
To add input fields and buttons to the form:
- Find the TcxEditBox control in the Components panel of the User Form editor and drag this control to the form.
- Switch to the Properties panel of the User Form editor and specify UserNameEditBox in the
Name property. Also, you may specify the account that will be used by default in the
Text property (or you may clear the
- Drag one more TcxEditBox control to the form. This control will accept the password. Switch to the Properties panel and specify the PasswordEditBox value for the
Name property of this control. Clear the
- Expand the Properties node and choose eemPassword in the EchoMode dropdown list. Now, the symbols that you type in the edit box will be replaced with asterisks (that is, setting the EchoMode property to eemPassword provides secure input).
Now we have to add labels and the OK and Cancel buttons to the form.
To add labels:
- Switch to the Components panel and expand the Extra group.
- Drag the TcxLabel component to the form and place it before the User Name edit box.
- Switch to the Properties panel and enter User name: in the
- Similarly, add a label to the Password edit box.
To add the OK button to the form:
- Expand the Buttons category of the Components panel and drag the TcxButton control to the form. This will be the OK button.
- In the Properties panel, specify OK for the
Caption property, mrOk for the
ModalResult property and set the
Default property to True (the OK button will be the form's default button).
To create the Cancel button:
- Drop one more TcxButton control to the form.
- Switch to the Properties panel and specify Cancel for the
Caption property, mrCancel for the
ModalResult property and set the
Cancel property to True.
To specify the form’s caption, click somewhere within the form (not on a control), switch to the Properties panel and type Enter User Name and Password into the
The form should now look like this:
The following code demonstrates how you can call the form from your scripts and how to save the entered values to global variables. In order to simplify, we skipped the code that checks whether the entered values are empty or invalid:
Blocking the Test Log
As I stated above, to enter a user name and password in the application dialog, the
Keys method is used. The user name and password saved to global variables are passed to this method. However, as you may remember, the Keys method posts a message to the log containing the values that have been entered. To avoid this, you need to block posting this data to the log.
An easy way to do this is to find those calls to the
Keys method that are used to enter the password and call the
Log.UnlockEvents methods right before and after a call to the
Another approach is to create an event handler for the
OnLogEvent event. It is generated each time a message of the Event type is posted to the log. In the event handler, you can check which message is posted to the log and block the one that contains the password.
To create an event handler:
- Add the Events project item to your TestComplete project.
- Double-click the Events project item in the Project Explorer. TestComplete will display the Events editor in the Workspace panel.
- Switch to the Event Handlers page of the editor.
- Right-click the
OnLogEvent row and choose Add Event Handler from the context menu.
- TestComplete will display the dialog asking you to specify the script unit and the name of the event handler routine. Specify the desired values and press OK. TestComplete will create an empty handling routine in the specified script unit.
The following code snippet demonstrates how you can block posting messages to the log:
By using TestComplete's User Forms, you can create dialogs used to enter the user name and password. To avoid posting the password to the log, you just need to block posting messages that contain it. The approaches I have described will help you secure your data when working with TestComplete, though please keep in mind that it's possible to capture any citadel, security is a challenging topic.