
What is the security around the custom password field?


#1

http://docs.gurock.com/testrail-integration/defects-plugins-variables

We have Rally integration set up. We have two variables, rallyuser and rallypass. I go from there to My Settings, and I enter my Rally username and password.

How is my password secured?


#2

Hello Christina,

Thanks for your posting. User/defect variables of type Password are stored encrypted in the database using AES encryption. The same is true for the fallback value of the user/defect variable (which you can configure when adding/editing the field under Administration > Integration). The values are also not exposed via the user interface in any way (e.g. when editing the field under My Settings or fallback under Administration > Integration).

TestRail needs to store the integration passwords in a way that they can be restored again, as Rally requires the password to be submitted for the API authentication. TestRail stores its own passwords as salted hashes only, of course.

Regards,
Tobias
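
The distinction drawn in reply #2, as an added example that is not part of the original thread and is not TestRail code: an integration password is sealed reversibly so it can be sent to the remote API later, while a login password is kept only as a salted hash. The thread says only "AES" and "salted hashes"; the AES-256-GCM mode, scrypt, the key held outside the database, the record layout and all function names are assumptions.

```javascript
// Added illustration, not TestRail code. AES-256-GCM, scrypt, the record
// layout and the function names are assumptions made for this example.
const nodeCrypto = require('node:crypto');

// Assumption: the application key is kept outside the database (config, KMS).
// Constructed at random here so the example runs offline.
const APP_KEY = nodeCrypto.randomBytes(32);

// Reversible: an integration password that must later be submitted to the API.
function sealIntegrationSecret(plaintext, key, context) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(context)); // bind the record to its user/variable
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function openIntegrationSecret(record, key, context) {
  const [iv, tag, ct] = record.split('.').map((p) => Buffer.from(p, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(context));
  decipher.setAuthTag(tag); // final() throws if key, context or data differ
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// One-way: the application's own login password, stored as salt plus hash.
function hashLoginPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return `${salt.toString('base64')}.${hash.toString('base64')}`;
}

function verifyLoginPassword(password, stored) {
  const [salt, hash] = stored.split('.').map((p) => Buffer.from(p, 'base64'));
  const candidate = nodeCrypto.scryptSync(password, salt, hash.length);
  return nodeCrypto.timingSafeEqual(candidate, hash); // constant-time compare
}
```

Anyone holding both the database and the application key can recover the sealed integration password, so the key's storage location is what the protection rests on; the login hash offers no such recovery path.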


#3

Hooray, thank you!


#4

You are welcome, Christina!

Regards,
Tobias