安全地发送电子邮件
[英]Send email in secure way
问题描述
I'm trying to make a simple application which will send an email. 
我正在尝试制作一个发送电子邮件的简单应用程序。 I use MailMessage and SmtpClient classes. 我使用MailMessage和SmtpClient类。 SmpClient requires a login and password to work. SmpClient需要登录名和密码才能工作。
- Is it secure to compile application with login/password in simple string? 使用简单字符串中的登录名/密码编译应用程序是否安全?
- Is this possible to disassemble this, and get password? 这有可能拆解这个,并获得密码?
- How to hide it from potential attacker? 如何将其隐藏起潜在的攻击者?
- Is this possible to send email w/o using login/password? 这是否可以使用登录名/密码发送电子邮件?
1 个解决方案
解决方案1
6 已采纳 2013-02-27 15:37:56
Yes, storing the password in plain text anywhere in your application is unsafe. 是的,将密码以纯文本形式存储在应用程序的任何位置是不安全的。 Don't do it! 不要这样做!
Instead, you should store the password encrypted in your App.config file (or somewhere else in a configuration file, machine.config for example): 相反,您应该将加密的密码存储在App.config文件中(或者配置文件中的其他位置,例如machine.config):
Encrypting and Decrypting ApplicationConfigSections 加密和解密ApplicationConfigSections
Alternatively you could ask the user at runtime for the credentials. 或者,您可以在运行时向用户询问凭据。
If you want to avoid explicitly providing a password, you can authenticate via Windows authentication of the currently logged on user. 如果要避免显式提供密码,可以通过Windows身份验证对当前登录的用户进行身份验证。 For this you can use SmtpClient.UseDefaultCredentials for sending the mail. 为此,您可以使用SmtpClient.UseDefaultCredentials发送邮件。 Of course this only works if the SmtpServer recognizes the users windows credentials. 当然,这只有在SmtpServer识别用户窗口凭据时才有效。
If you want to be secure from man-in-the-middle attacks and packet sniffing, you should use SSL to transmit the authentication data. 如果您希望免受中间人攻击和数据包嗅探,则应使用SSL传输身份验证数据。 You can do this by enabling SSL in the configuration or just setting the property yourself: SmtpClient.EnableSsl . 您可以通过在配置中启用SSL或仅SmtpClient.EnableSsl设置属性来执行此操作: SmtpClient.EnableSsl 。 (.NET >= 4.0) (.NET> = 4.0)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.