[英]Send email in secure way
I'm trying to make a simple application which will send an email. 我正在尝试制作一个发送电子邮件的简单应用程序。 I use
MailMessage
and SmtpClient
classes. 我使用
MailMessage
和SmtpClient
类。 SmpClient
requires a login and password to work. SmpClient
需要登录名和密码才能工作。
Yes, storing the password in plain text anywhere in your application is unsafe. 是的,将密码以纯文本形式存储在应用程序的任何位置是不安全的。 Don't do it!
不要这样做!
Instead, you should store the password encrypted in your App.config file (or somewhere else in a configuration file, machine.config for example): 相反,您应该将加密的密码存储在App.config文件中(或者配置文件中的其他位置,例如machine.config):
Encrypting and Decrypting ApplicationConfigSections 加密和解密ApplicationConfigSections
Alternatively you could ask the user at runtime for the credentials. 或者,您可以在运行时向用户询问凭据。
If you want to avoid explicitly providing a password, you can authenticate via Windows authentication of the currently logged on user. 如果要避免显式提供密码,可以通过Windows身份验证对当前登录的用户进行身份验证。 For this you can use
SmtpClient.UseDefaultCredentials
for sending the mail. 为此,您可以使用
SmtpClient.UseDefaultCredentials
发送邮件。 Of course this only works if the SmtpServer recognizes the users windows credentials. 当然,这只有在SmtpServer识别用户窗口凭据时才有效。
If you want to be secure from man-in-the-middle attacks and packet sniffing, you should use SSL to transmit the authentication data. 如果您希望免受中间人攻击和数据包嗅探,则应使用SSL传输身份验证数据。 You can do this by enabling SSL in the configuration or just setting the property yourself:
SmtpClient.EnableSsl
. 您可以通过在配置中启用SSL或仅
SmtpClient.EnableSsl
设置属性来执行此操作: SmtpClient.EnableSsl
。 (.NET >= 4.0) (.NET> = 4.0)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.