MyLoadTest

LoadRunner Password Encoder and lr_decrypt()

2

By Stuart Moncrieff on Dec 29th, 2012

If you ever need to disguise a password in a VuGen script, you will no doubt have used the lr_decrypt() function. If you have stopped to think for a second or two, you will have realised “encrypting” the password in your script doesn’t make it more secure in any meaningful way. Anyone with access to the script can decode the password with a single line of code:

// As a security measure, LoadRunner password encryption is about as effective as rot13.
lr_output_message("The secret password is: %s", lr_decrypt("50de7ec44d2ff7033c2fcb9e5cf7307799d7"))

So, if this feature doesn’t really make anything more secure, why was it included in LoadRunner? This is a classic example of a “pre-sales feature” – during the sales process, you just know that a potential customer is going to have an attack of “due dilligence” and say that everyone knows that passwords should not be stored in plaintext and they couldn’t possibly buy the product because it is so insecure. As a pre-sales engineer, you can say “it’s okay, all the passwords in the script are encrypted”, and the barrier to sale suddently disappears.

Read on if you want to learn more about encoding passwords in LoadRunner…
Read more →

Bad Performance Testing

2

By Stuart Moncrieff on Dec 22nd, 2012

As a performance testing consultant, I get to see a lot of the work that other performance testers do…and a lot of the time it horrifies me. If performance testing was a licensed profession, like law or medicine, then it would be necessary to revoke the licenses of 90% of testers. Their work is not just “low quality”, it is actually wrong or misleading, or based on such a shaky foundation that any predictions made from the test results are tenuous at best.

Bad performance testers frequently treat their testing as a ritual, rather than as a science and they either ignore errors, or don’t bother to check for them in the first place.

Here is an example that a saw last week…
Read more →

Checking text in a PDF file with LoadRunner

3

By Stuart Moncrieff on Jul 28th, 2012

PDF iconA friend was performance testing a new SAP system that had a self-service portal where employees could view and download a PDF version of their payslip. He asked me how he could add a check to his LoadRunner script to make sure that the information in the PDF was correct (employee name, pay grade, etc). Manually checking all the PDFs at the end of the run was not a scalable solution (and just checking a sample of them would have missed any intermittent errors).

Fortunately, it was a simple matter to write some code in VuGen that would solve his problem.
Read more →

Errors are bad

5

By Stuart Moncrieff on Jul 14th, 2012

facepalmIt seems unnecessarily obvious to even bother making the statement that “errors are bad”; surely this is an idea that everyone agrees with, like “crime is bad” or “you shouldn’t put your underwear on backwards”. But a lot of performance testers that I have worked with don’t seem to care too much about errors. A senior performance tester with more than 15 years experience at some of the largest companies in Australia recently said to me:

 
“Yeah, as long as the error rate is below 5%, I don’t bother putting it in my report.”

Are. You. Kidding?

How could someone with so much experience be so wrong? How much bad advice had he given to big IT projects over his career? Did he really have 15 years experience, or just the same 6 months repeated over and over again?
Read more →