Comments on: How (in)secure is your proxy password in LoadRunner 9.0 http://blog.testsautomation.com/2009/01/how-insecure-is-you-proxy-password-in-loadrunner-90/ Live fast, die old... Wed, 19 May 2010 19:52:40 +0200 http://wordpress.org/?v=2.8.4 hourly 1 By: admin http://blog.testsautomation.com/2009/01/how-insecure-is-you-proxy-password-in-loadrunner-90/comment-page-1/#comment-39 admin Tue, 24 Feb 2009 14:51:45 +0000 http://blog.testsautomation.com/?p=22#comment-39 Hi Stuart I think that the best (most secure) idea would be to use MD5 for example. So even if someone access your script, he can't decrypt your password. Waldemar Hi Stuart

I think that the best (most secure) idea would be to use MD5 for example. So even if someone access your script, he can’t decrypt your password.

Waldemar

]]> By: Stuart Moncrieff http://blog.testsautomation.com/2009/01/how-insecure-is-you-proxy-password-in-loadrunner-90/comment-page-1/#comment-37 Stuart Moncrieff Mon, 23 Feb 2009 22:48:17 +0000 http://blog.testsautomation.com/?p=22#comment-37 I wouldn't worry too much that someone with access to your LoadRunner script can see a plaintext proxy password in one of the script files. An "encrypted" password in your script very quickly becomes a plaintext password if you use lr_decrypt(). // Save my password to a parameter lr_save_string("49a3259a32e56d82a6b296ffd37e2a7e33fb0ef21b7c", "Password"); // Set proxy credentials. // These will be used for any subsequent requests. web_set_user("stuart", "{Password}", "proxy.example.com:8080"); web_set_proxy("proxy.example.com:8080"); // Print password to replay log. lr_output_message("Password: %s", lr_decrypt(lr_eval_string("{Password}"))); Cheers, Stuart. I wouldn’t worry too much that someone with access to your LoadRunner script can see a plaintext proxy password in one of the script files.

An “encrypted” password in your script very quickly becomes a plaintext password if you use lr_decrypt().

// Save my password to a parameter
lr_save_string(”49a3259a32e56d82a6b296ffd37e2a7e33fb0ef21b7c”, “Password”);

// Set proxy credentials.
// These will be used for any subsequent requests.
web_set_user(”stuart”, “{Password}”, “proxy.example.com:8080″);
web_set_proxy(”proxy.example.com:8080″);

// Print password to replay log.
lr_output_message(”Password: %s”, lr_decrypt(lr_eval_string(”{Password}”)));

Cheers,
Stuart.

]]>