[英]Secure way to send a mail via a (Restful) Webservice
I have a AngularJS Webapplication with Java Backend. 我有一个带有Java后端的AngularJS Web应用程序。
Now i want to send a mail out of the Angular Application. 现在我想从Angular Application发送邮件。 I thought the best way is to send a post or get request to the webservice and send the Mail via an internal smtp server to the recipient.
我认为最好的方法是将帖子发送或获取请求到Web服务,并通过内部smtp服务器将邮件发送给收件人。
But i think there is a big security problem with this concept. 但是我认为这个概念存在很大的安全性问题。 When i create a webservice call like:
/api/mail?mailto=john@doe.com
someone can take the link to the webservice, change the recipient and take this link to start spamming to other people. 当我创建一个Web服务呼叫时,例如:/
/api/mail?mailto=john@doe.com
有人可以获取该Web服务的链接,更改接收者,并使用此链接开始向其他人发送垃圾邮件。
Do someone know a secure way for this architecture to send a mail via a webservice? 有人知道这种体系结构通过Web服务发送邮件的安全方法吗? It is necessary that i have to pass the recipient to the mail service, because the user set this in the AngularJS UI.
我必须将收件人传递给邮件服务,因为用户在AngularJS UI中进行了设置。
I am happy about any suggestion. 我对任何建议都很满意。
Here are the security measures you should take for securing your rest api. 这是您应采取的安全措施,以保护您的Rest API。 REST Security Cheat Sheet Here is the list of security measures you should take for your rest API.
REST安全备忘单这是您应该为其余API采取的安全措施的列表。
If you use spring-security you will be covered in most of this. 如果您使用spring-security,那么大部分内容都将涵盖其中。
Use Mailgun . 使用Mailgun 。 You can send 10,000 emails for free you can call the API via your Java backend, like so:
您可以免费发送10,000封电子邮件,也可以通过Java后端调用API,如下所示:
public static ClientResponse SendSimpleMessage() {
Client client = Client.create();
client.addFilter(new HTTPBasicAuthFilter(
"api","key-3ax6xnjp29jd6fds4gc373sgvjxteol0"));
WebResource webResource = client.resource(
"https://api.mailgun.net/v3/samples.mailgun.org/messages");
MultivaluedMapImpl formData = new MultivaluedMapImpl();
formData.add("from", "Excited User <excited@samples.mailgun.org>");
formData.add("to", "john@doe.com");
formData.add("subject", "Hello");
formData.add("text", "Testing some Mailgun awesomeness!");
return webResource.type(MediaType.APPLICATION_FORM_URLENCODED).
post(ClientResponse.class, formData);
}
This would be more secure than your implementation. 这将比您的实现更安全。 I would also send the email address from the Angular client to your Java backend as a POST.
我还要将Angular客户端的电子邮件地址作为POST发送到您的Java后端。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.