1

We have a report that generates ~100 rows daily and our customers have to enter the data into third-party software. We hoped that the software allows some kind of data upload so that our customers don't have to do the tedious data-entry, but it's not happening. So, we are thinking to provide a solution to our customer by implementing an automated data entry system utilizing Selenium (I'm very new to Selenium). To achieve this, we have to use a real user's credential for login and a SQL connection credential and we came up with these two ideas:

  1. Use Python/Selenium, credentials hardcoded in a separate file, schedule a SQL Server Agent to automatically run this script daily.
  2. Implement a web user interface with C# in Visual Studio, credentials hardcoded in an encrypted web.config file, let user click a button to run the Python/Selenium script. (this will be a semi-automatic option but it gives users flexibility in choosing what to enter)

(We could take user's credential as a parameter to run the tool in order to avoid hard-coding a user's credential.)

I know it can be done but should Selenium be used to automate data entry in the security standpoint?

kabichan
  • 111
  • 3
  • 2
    i prefer using tampermonkey for these situations. it can ride on top of lastpass (or another manager) and leave the setup and security concerns about the same as they are for normal browsing. You can also leave login out, and just inject a button that does the automaticy things when the current user clicks the button. Simple and safe and fewer things to break and go wrong. – dandavis Aug 29 '19 at 17:02
  • I would login, send one record, logoff, and monitor everything on the web developer window on Firefox. And create a python (or even bash) script to send those data. Selenium is overkill to send repetitive data. – ThoriumBR Aug 29 '19 at 18:59
  • I'm not sure if this is actually a security question at all. You may be better off at stackoverflow – Conor Mancone Aug 29 '19 at 19:06
  • I will edit my question shortly but this is more like "implementing an auto data-entry solution using Selenium so that my customers don't have to do the tedious data entry", and I was wondering if using Selenium would be an ok solution in the security standpoint. – kabichan Aug 29 '19 at 19:37
  • @ConorMancone Thanks for the advice. I did want to know if there are any security concerns in using Selenium for automating data entry because it's kind of hacky as Selenium is meant for testing, not for automating data entry. I'll try stackoverflow or SoftwareEngineering as well. – kabichan Aug 29 '19 at 19:47
  • @kabichan I think it would therefore help to narrow your question down. In particular, what sort of security issues are you concerned about exactly? – Conor Mancone Aug 29 '19 at 20:35

1 Answers1

1

I would not use Selenium as there is an entire class of scripts called Grease Monkey scripts that automate repetitive user task. See TamperMonkey for one of many examples.

sevensevens
  • 111
  • 2