Monday, May 4, 2009

Handling Passwords in QTP Scripts


Most applications and websites require a password to log in.

So automation tools such as QTP need to be able to handle passwords. However, it is not good practice to keep the password as plain text in the scripts.

By default, QTP encrypts the password while recording. The recorded step looks like the statement below.


Dialog("Login").WinEdit("Password:").SetSecure "49ff257067d53a774881c348da151ccf9282c2109b60"

The SetSecure method is used specifically for handling passwords.

This recording approach is useful only when you use one or a few passwords in your script.

If you want to use many different passwords across many iterations, the recording approach is not much use.

In this case we can use the Password Encoder utility provided by QTP.

It can be accessed from the Start menu (e.g. Programs->Quick Test Professional->Tools->Password Encoder).

It looks like the screenshot below.



Enter the password text and click the "Generate" button to get the encoded password string.

We can put this string in the Datatable to run multiple iterations with different passwords.

This is useful not only for test automation, but also in the scenario below.
- You want to let a person at a remote location get into your application/site to do some testing or for some other purpose, and you don't want to share the password with him. In this case you can just create a QTP script to log into the application.


Some people may not be willing to store the password in the QTP script even in encrypted form.

In this case, we can create a simple HTML form and call it from the QTP script to show a pop-up window that gets the password from the user while the script is executing.
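For teams that take that position, one way to check that no script still carries an encoded password literal is a small scan of the script text. This is an added example, not part of the original post and not a QTP tool; the sample script lines, the "EncodedPwd" column and the pwdFromPrompt variable are constructed for illustration.

```python
import re

# A string literal passed directly to SetSecure, e.g.  .SetSecure "49ff25..."
LITERAL_ARG = re.compile(r'\.SetSecure\s*\(?\s*"(?P<value>[^"]*)"', re.IGNORECASE)
# Recorded / Password Encoder output is a long run of hex digits.
HEX_ONLY = re.compile(r'^[0-9a-fA-F]{16,}$')

# Constructed sample script; only the first SetSecure value comes from the post.
SAMPLE = '''\
Dialog("Login").WinEdit("Agent Name:").Set "tester"
Dialog("Login").WinEdit("Password:").SetSecure "49ff257067d53a774881c348da151ccf9282c2109b60"
Dialog("Login").WinEdit("Password:").SetSecure DataTable("EncodedPwd", dtGlobalSheet)
' Dialog("Login").WinEdit("Password:").SetSecure "0123456789abcdef0123"
Dialog("Login").WinEdit("Password:").SetSecure pwdFromPrompt
'''


def scan_script(text, name="<script>"):
    """Return one finding per SetSecure call whose argument is a string literal.

    Calls that take a Datatable cell or a variable are not reported, because
    the value is not stored in the script itself.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Commented-out steps still leave the value in the file, so report
        # them too and just mark them.
        commented = stripped.startswith("'") or stripped.lower().startswith("rem ")
        for match in LITERAL_ARG.finditer(line):
            value = match.group("value")
            findings.append({
                "file": name,
                "line": lineno,
                "kind": "encoded-literal" if HEX_ONLY.match(value) else "other-literal",
                "commented": commented,
                # Keep the full value out of reports and CI logs.
                "preview": value[:4] + "...",
            })
    return findings


if __name__ == "__main__":
    for f in scan_script(SAMPLE, "login.vbs"):
        note = " (commented out)" if f["commented"] else ""
        print(f'{f["file"]}:{f["line"]}: {f["kind"]} {f["preview"]}{note}')
```

The scan covers script text only; an exported Datatable that holds encoded strings needs the same review.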

1 comment:

Boyd Patterson said...

It should be noted that 'SetSecure' and QTP's encrypted passwords are *NOT* a safe way to store passwords. You can always playback a script where you set the encrypted value on an unprotected edit box and see the clear password. Even the QTP documentation states they are not secure.

At best, they obscure the password from people looking at the screen since it's much harder to see and recall the "encrypted" password than it is the clear text. Anyone who has access to the value will be able to easily decrypt it.

Just wanted to provide some fair warning.
