This started out as an encryption question, but it may end up being a
testing best practice question.  I have an application that is not
customer-facing, so new accounts cannot be created.  It uses personal
Active Directory information, and we have no (nor are we allowed to
obtain) test accounts for Active Directory.

I have a personal account that can access the content to be tested,
but I do not want my AD password to be easily obtained.  I am using
Jenkins to launch scripts so I can easily prompt the user for a
password and store it in a variable to be used... but I know how easy
it would be to then log these passwords to a flat file.  I'd like to
provide more security for coworkers if I'm setting up a system that
accepts user input (instead of using my own as an encrypted master for
the script).

The test case is pretty standard - log in, assert a few features and
functions and that's it.  I looked into AES encryption thinking that I
would encrypt the password manually and then take the encrypted string
and paste it into a decrypt function in the script... but that
function would obviously list the decryption keys so it's really only
adding a step of obfuscation to the process of retrieving the
password.

What's the best practice for this scenario?

Thanks,
Adam

-- 
Before posting, please read http://watir.com/support. In short: search before 
you ask, be nice.

watir-general@googlegroups.com
http://groups.google.com/group/watir-general
watir-general+unsubscr...@googlegroups.com
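
The post's point about a decrypt function that carries its own key, as an added Ruby example (not part of the original message): a blob sealed with a key literal opens for anyone holding the script, while one sealed with a key supplied at run time does not. The `AD_TEST_KEY_HEX` variable name, the helper names and the sample password are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# Constructed sample values; none of these come from the original post.
SAMPLE_PASSWORD = 'constructed-sample-password'
EMBEDDED_KEY = OpenSSL::Digest::SHA256.digest('key literal committed with the script')

# Encrypt with AES-256-GCM; returns Base64(iv || tag || ciphertext).
def seal(plaintext, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  body = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + body)
end

# Decrypt; raises OpenSSL::Cipher::CipherError on a wrong key or tampering.
def unseal(blob, key)
  raw = Base64.strict_decode64(blob)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  cipher.update(raw[28..-1]) + cipher.final
end

# Key supplied when the job runs (hypothetical variable name), never committed.
def runtime_key(env = ENV)
  hex = env.fetch('AD_TEST_KEY_HEX') { raise KeyError, 'AD_TEST_KEY_HEX not set' }
  raise ArgumentError, 'expected 64 hex characters' unless hex.match?(/\A\h{64}\z/)
  [hex].pack('H*')
end

# True when the blob can be opened with nothing but the given key.
def recoverable_with?(blob, key)
  unseal(blob, key)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

if __FILE__ == $PROGRAM_NAME
  job_env = { 'AD_TEST_KEY_HEX' => OpenSSL::Random.random_bytes(32).unpack1('H*') }
  embedded = seal(SAMPLE_PASSWORD, EMBEDDED_KEY)
  external = seal(SAMPLE_PASSWORD, runtime_key(job_env))
  puts "script alone opens embedded-key blob: #{recoverable_with?(embedded, EMBEDDED_KEY)}"
  puts "script alone opens runtime-key blob:  #{recoverable_with?(external, EMBEDDED_KEY)}"
end
```

Moving the key out of the script shifts trust to whoever controls the job environment; anyone able to edit the script can still print the decrypted value while the job runs.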
