Monday, 15 July 2013

automated tests - Data security in selenium -


How does secenium protect security in remote grid calls?

I have a test service in a machine grid in any other remote machine. It's easy to buy a product flow:

1) Test service invites my website to a remote grid browser. 2) For the credit card field in checkout, this service sends the data of that credit card Which is stored safely in remote browsers. 3) The service then calls the Submit button on the remote browser to submit data to the website.

How does Selenium control the flow of data in phase 2? Is there a way to encrypt data in transit?

Selenium is a browser automation library, there is no capability to encrypt it anywhere. If you need encryption, then there are other libraries in the Java world (or whatever binding you are using) that accomplish that task.

For transit encryption for communication between the node and the hub, which is completely transmitted to the communication channel, Selenium does not encrypt anything. There are various networking solutions to secure communication traffic.

Finally, selenium is usually used in a test case, where you expect that they are checking the servers and providing real information (such as live user passwords, live credit cards Etc.), do not use live data anytime. In this case, there is no need to encrypt any of its data , because even if it leaks, it will be meaningless in the real world.


No comments:

Post a Comment