Verification Code problems during LoadRunner's script recording

My personal opinion on this issue is that there are basically three ways to solve it:
1. The first method is also the easiest to think of. It is temporarily used in the tested system.Shield VerificationThat is to say, temporary modification of the application, no matter what verification code the user entered, is considered correct. This method is the easiest way to implement and will not have much impact on the test results (of course, this method removes the "Verification Code" link, however, this process is difficult to become a bottleneck in system performance ). However, this method has a fatal problem: If the tested system is an actually online system, blocking the verification function will pose a very high security risk to the services that are already running, therefore, this method is not suitable for online systems;

2. The second method is slightly improved based on the first method. The first method brings a lot of security issues, so we can consider, do not cancel the verification, but leave a backdoor in it, we set a so-called "universal verification code ", as long as the user enters this"Universal verification code", We will pass the verification. Otherwise, we will continue to follow the original verification method. This method still has security issues, but because we can control the "universal verification code" in a small range through management means, and only keep this small backdoor during performance testing, compared with the first method, the security has been greatly improved;

3. if security is really important to applications and there is no possibility of any loss, we can use further methods to solve this problem. Common performance testing tools (mi lr, Segou's silk sort mer, etc.) canCall an external DLL or Component InterfaceTherefore, you can consider obtaining the implementation of the "Verification Code" section, write a DLL to obtain the verification code, and call it in the test script.

in addition to the three methods, other methods may exist, and you may wish to provide other ideas. In my practice, the second method is used a lot. Sometimes the first method is used to test the internal performance of the system that is not online. However, it should be noted that, if you are targeting an online system, you must immediately restore the application and perform a security audit on the system after the test is completed, avoid intrusion by others during the test. The third method is rarely used and depends on whether the component can provide such an interface.