Shulou(Shulou.com)06/01 Report--

How to solve the problem of CAPTCHA in WEB performance testing? in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Now more and more websites adopt the verification technology of CAPTCHA in order to protect their security or prevent the infringement of Spam. To put it simply, CAPTCHA means that when logging in or submitting content, a manually identifiable but machine-unrecognizable verification string (usually a picture generated by background, distortion, etc.) appears randomly on the page. It is required to enter this verification code when logging in or submitting content.

CAPTCHA can effectively prevent the spying of passwords and a large amount of Spam content brought by the so-called network promotion software, which has been accepted as a standard implementation by many Internet or Intranet applications. However, for performance testing, this kind of verification code brings great problems. The most prominent problem is that the performance test tool itself is an automated tool, and because this kind of CAPTCHA uses a method of "preventing automated tool attempts", you will find it difficult to adjust the script after recording the script. to adapt it to the needs of CAPTCHA verification. This problem has been mentioned more than once and asked if there is a better solution.

My personal view on this problem is that basically, we can consider solving the problem in three ways:

1. The first method, which is also the easiest to think of, temporarily shields the verification function in the system under test, that is, temporarily modifying the application, no matter what CAPTCHA the user enters, is considered to be correct. This method is the easiest to implement and will not have much impact on the test results (of course, this method removes the "verification code" link, but it is difficult to become a system performance bottleneck in the first place). However, this method has a fatal problem: if the system under test is actually online, the masking verification function will pose a great security risk to the business that is already running, so for the system that is already online, it is not appropriate to use this way.

2. The second method is slightly improved on the basis of the first method. The first method brings great security problems, so we can consider not canceling the verification, but leaving a back door in it, we set a so-called "universal verification code". As long as the user enters this "universal verification code", we will verify it, otherwise, we will verify it in accordance with the original verification method. There are still security problems in this approach, but because we can control the "universal CAPTCHA" in a small range through management means, and only keep this small back door during performance testing, compared with the first method, there has been a big improvement in security.

3. If security is really critical to the application and does not allow the slightest mistake, then we can take a step further to deal with the problem. General performance testing tools (MI's LR, Seague's Silk performer, etc.) can call external DLL or component interfaces, so you can consider getting the implementation of the "CAPTCHA verification" part, writing a CAPTCHA DLL and calling it in the test script.

In addition to these three methods, there may be other ways to exist, and I hope you can provide some other ideas. In my practice, the second method is often used, and the first method is sometimes used to test the internal performance of non-online systems. However, it should be reminded that if the system is online, no matter which method is used, the application must be restored immediately after the test is completed, and a security audit of the system must be conducted to avoid being invaded by others during the test. The third method is less used and specifically depends on verifying that the component can provide such an interface.

This is the answer to the question about how to solve the problem of CAPTCHA in WEB performance testing. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.