Joke Collection Website - Public benefit messages - Java Training of Beida Jade Bird: Solving the Verification Code Problem in WEB Performance Testing?
Java Training of Beida Jade Bird: Solving the Verification Code Problem in WEB Performance Testing?
Simply put, a verification code is a picture generated by a verification string (usually background, distortion, etc.) when logging in or submitting content. ) will appear randomly on the page, and you need to enter this verification code at the same time when logging in or submitting content.
Verification code can effectively prevent password spying and a lot of junk content brought by so-called network promotion software, and has been accepted as a standard implementation method by many Internet or intranet applications.
But for performance testing, this kind of verification code has brought great problems.
The most prominent problem is that the performance testing tool itself is an automation tool. Because this verification code adopts the method of "preventing automatic tools from trying", it is difficult to adjust the script to meet the needs of verification code after recording.
This problem has been mentioned more than once, asking if there is a better solution.
My personal view on this issue is that there are basically three ways to solve this problem: 1. The first method, which is also the easiest to think of, is to temporarily block the verification function in the tested system, that is, to temporarily modify the application, no matter what verification code the user inputs, it is considered correct.
This method is the easiest to implement, and will not have much impact on the test results (of course, this method removes the link of "verifying verification code", but this link is difficult to become the bottleneck of system performance).
However, this method has a fatal problem: if the tested system is actually online, the shielding verification function will cause great security risks to the already running business, so this method is not suitable for online systems; 2. The second method is a slight improvement on the basis of the first method.
The first method brings great security problems, so we can consider leaving a back door inside instead of canceling the verification. We set up a so-called "universal verification code". As long as the user enters this "universal verification code", we will pass the verification, otherwise, we will still verify according to the original verification method.
There are still security problems in this way, but because we can control the "universal verification code" in a small range through management means, and only keep this small back door during performance testing, the security has been greatly improved compared with the first way; 3. If the safety response is really important and no mistakes are allowed, then we can deal with this problem further.
General performance testing tools (LR of MI, Silkperformer of Seague, etc. You can call an external DLL or component interface. Therefore, Guangxi computer training/suggestion can consider realizing "verification code verification", writing a DLL obtained by verification code and calling it in the test script.
- Related articles
- My colleague's children can't go to the 12 birthday party.
- Send greetings to customers when it rains and cools down.
- QQ business full set of 8 diamonds+members are open, will there be QQ management titles?
- What are some clever rent-urging sentences?
- How long does it usually take to hear a civil dispute?
- According to the regulations of the State Secrecy Bureau, how to do a good job in information security and confidentiality?
- Tutorial on how to set up ringtone GarageBand on Apple
- What kind of "telepathy" is true love in all likelihood?
- How to send information to customers
- How to invite the boss to dinner? Or contact feelings and take care of yourself.