An Experiment with GMAIL
Introduction:
All the ideas/experiments mentioned here are my own observations and the main reason for writing this is not for criticizing/praising a product (Here GMAIL), but only to test it and judge the best and worst of the product. (Here GMAIL).
1) Type www.gmail.com/WWW.GMAIL.COM/wWw.GmaIL.Com in the Address URL.
Observation:
i) Though you will be redirected to the home page of GMAIL, but I can observe in the address URL https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl<mpl=default<mplcache=2 where there is no mention of GMAIL anywhere.
This gave me an idea that since GMAIL is a product from GOOGLE and this login is not applicable to GMAIL but this login is applicable to all GOOGLE PRODUCTS, and hence checked the site www.google.com and clicked the sign in button there, What I observed is the same
https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl<mpl=default<mplcache=2
so, this is the main reason whenever you are signing into GMAIL or any GOOGLE Product you are always automatically signed into all other GOOGLE products.
Comments:
This is very useful in order to avoid multiple sign INS, E.g.: I have signed in GMAIL and now I don’t have to sign into ORKUT. This is advantageous.
But just a pause here, I have signed into GMAIL and forgot to signoff and I just closed my browser and went off. My brother who just came and typed WWW.ORKUT.COM in another browser, oh! He was able to see my friends and my page. Since he is brother not much secrecy is not lost but what if I am replicating the same scenario in an INTERNET center.
A common end user will not or never will have an idea of when his session is going to be timed out, henceforth before you realize that you have forgotten signing off from the GMAIL in your last log in at ABC INTERNET CAFE, you are already hacked.
So, there is a high risk of Security by using GMAIL. (Need your comments on this statement!)
ii) But one more thing I observed in the redirected URL is https instead of regular http. This means GOOGLE is using more secured technology for data transfer. So on the NETWORK your data will be safe.
· Did I mention that it took me 6.3 seconds(approximately) to view the log in page after I typed the URL in the Browser followed by a click on the GO button present next to it. (Tested on a 74 kbps, IE 6 Browser, XP OS, P4 configuration computer)
· I got the home page, what caught my eye is that GMAIL is still a beta product.(It is not fully established in all areas is what I feel when I see a Beta there!)
· No, spelling mistakes found on the page.
· There was a numeric value on the page, which is changing dynamically.
Lots of space
Over 4561.283632 megabytes (and counting) of free storage so you’ll never need to delete another message. Chat right inside Gmail.
This number is not increasing in a non-uniform manner, appreciable is that is incrementing correctly.
· The hyperlink Learn More present under the Chat right inside Gmail subsection is my next check. On click on this hyperlink you are redirected to the same other page, but you don’t have an option of returning back your previous page. Well I used my browsers back button and I observed that it took some pretty long time (I mean to say that the previous page URL is not stored in my system. Hence it went back to server or something I like this.) This is a bad Idea with respect to me. I could have found a back button on the page where I was redirected.
· Same was the case with the Learn more hyperlink present under the Mobile access subsection. It was the case with all hyperlinks present on the page. And hyperlinks were working on the date tested.
· Here I found a difference, the number that was changing dynamically had really caught my eye, and I had lot of test cases on that number for the time being this difference I found.
I had already opened the home page in a browser and the number was changing. Now I opened another tab(It is possible to open new windows in Tabs in Mozilla/IE6).In my new tab I typed the URL www.gmail.com and clicked on the GO button found next to the address bar. I observed that the number started from 2745.xxxyyy(some number) and within next second it bounced back to 4561.xxyy (some number). This indicates that it is starting with some number or cutoff value here I got it as 2745.xxxyyy(some number).
After a second or so it is changing to the number, which is present on my old existing page on the other already opened tab. And from there they are moving in a synchronous manner.(This I have tested both on IE7 and Mozilla Browser). So, I what I can conclude from there is that numerical value increase on the page is not uniform.
· Now moving towards right on the page I have the text boxes and button. I have tested the look of the page in 800 by 600 and 1024 by 768 resolutions, it looked very fine and the scroll bars also served the purpose.
· What I observed on the page is the sentence
Sign in to Gmail with your Google Account
This is a message meant for the end user hinting him that he going to sign into GOOGLE and not particularly GMAIL. Hope all end users this.
· Testing started now with the user name text box. The very first test I did was a negative one. Before testing the expected output I have first did this:
I went to create an Account page and checked the maximum length that an email Id can have and I found that it is “Sorry, your username must be between 6 and 30 characters long.”. so, this gets the expected input for the boundary value test cases and equivalence partition.
But I was able to enter 17,13,312 (and more, I have stopped here) characters in the Username field. When you are restricting any user for a maximum of 30 characters as desired User Name what is the use of allowing an end user approximately 17,13,312 characters. Practical disadvantages I found is it took almost a minute and more to get a message as Invalid email address. [?] when tried entering such a user name. If many several users try this testing what will the performance of valid user? So, this is a very valid bug I feel.
Now the minimum field value i.e. 6 but I was able to enter a user name with length=4 characters. And when I tried to login I got some other message as Username and password do not match. (You provided ascv). I.e. there is no consistency in messages. Boundary value conditions and equivalence Partition cases have been failed here.
· Also when tried the above scenario I have even obtained a ? in my message, which is a hyperlink, and on clicking it I got redirected to “What’s my Password?” page, stating that hyperlink is working, and this page did not opened in the same page but it got opened in a new web page and focus on the new page.
So, More observations are coming up in my next posting, to summarize here what I wanted to discuss/show to you are:
1) I find a security Issue in singing into GMAIL.
2) Dynamic number generating on the page is something worth a testing.
3) UserName text field has failed the key black box testing features like Boundary Value Analysis, Equivalence Partitioning.
4) Inconsistency in messages when trying to logging in.
Coming in the next post I will try to EXPERIMENT WITH THE GMAIL more especially in the password text fields, Submit button, Checkbox present on the page.
If you have any suggestions or comments in the above posting, please send your valuable comments to me by mailing me or leaving a message at
Pavanturlapati@gmail.com.
Happy Testing 
Thanks & Regards,
Pavan Turlapati
– Testing became my passion from profession.
Environment
