need Source code modification as far as I know BUT Whats preventing a user from adding a debug sampler? whats preventing a user from invoking the same code that decrypts the password ? What security have you really added? If you really wanted the password to be secure (which is the policies intent rather than it is not viewable) you will have to work at an OS level.
If these are critical passwords then why not let the user enter the password (either at launch time or by modifying the test) (usually not feasible for Db passwords but may be feasible for website logins). On Tue, Oct 5, 2010 at 11:39 AM, black gaff <[email protected]>wrote: > > I realize the password could still be obtained with enough motivation. > > I'm working towards ensuring the password is written to the Log File nor > visible in View Results Tree. It would be great if there was something > like > HTTP Authorization Manager or the Login Config Element that worked on HTTP > Requests > -- > View this message in context: > http://jmeter.512774.n5.nabble.com/How-to-mask-encrypt-values-sent-as-an-HTTP-request-parameter-tp3200142p3200202.html > Sent from the JMeter - User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
