Sent an support e-mail through gmail
Question
I already implement the sent the e-mail support through gmail, and everything is fine. But this code seems odd, because for example the customer requested to the programmer to make an e-mail support through gmail, and when it is done, programmer give the source code to the customer along with the program. When customer open it up (the source code), the customer will know the e-mail that used to make the e-mail support along with the password. How can I prevent that? Any good solution to make the e-mail support without reveal the e-mail password in the source code?
Here is the code that I am using:
public void SendRecoverCredentials(string _to)
{
try
{
SmtpClient _smtp = new SmtpClient();
MailMessage _message = new MailMessage();
_message.From = new MailAddress("credentialhelper@gmail.com", "Credential Helper - Support -");
_message.To.Add(new MailAddress(_to, "To whom it may concern"));
_message.Subject = "Credentials Recover";
_message.Body = "Dear to whom it may concern" +
"\n\n\nBelow are your credentials info:" + "\n\n\n\n" + "Please copy the Password and paste it to the program where the Old Password field is." + "\n\n\n\n" + "Username: " + UserInformation.Name + "\nPassword: " + UserInformation.Password +
"\n\n\n\nTo avoid for future messages being moved to the spam or junk folder, please add credentialhelper@gmail.com to be your contact list." +
"\n\n\n*** This is an automatically computer generated e-mail, please do not reply to this message ***";
_smtp.Port = 587;
_smtp.Host = "smtp.gmail.com";
_smtp.EnableSsl = true;
_smtp.UseDefaultCredentials = false;
_smtp.Credentials = new NetworkCredential("support's e-mail address", "support's e-mail password");
_smtp.DeliveryMethod = SmtpDeliveryMethod.Network;
_smtp.Send(_message);
ShowMessageBox("Your message has been successfully sent.", "Success", 2);
}
catch (Exception ex)
{
ShowMessageBox("Message : " + ex + "\n\nEither your e-mail or password incorrect. (Are you using Gmail account?)", "Error", 1);
}
}
Thank you!
1 answers
solution1
2 ACCPTED 2015-01-28 17:30:08
Simply put, there is no way to do exactly what you're asking. You cannot send the client your credentials and have them be secure. Compiling them into a DLL will stop only the least technically-savvy potential attackers.
There are a couple ways you could achieve your goal, though:
Have the client provide their own e-mail username and password and send through those. This is probably the easiest because it doesn't require much set-up.
Use OAuth. This is essentially the same as option 1, except instead of having them provide the password you'll have them click "give access" on a Google page or whatever. Probably not the way to go.
Create a Web service you control that has the credentials stored, then have your application contact that Web service. Your Web service can ensure it's a valid request from your app and then send the e-mail for you. While this is the nicest solution, probably, it also needs the most work.
In addition, although it's not directly related to your question, this code is a serious problem:
"Username: " + UserInformation.Name + "\\nPassword: " + UserInformation.Password
First of all, you shouldn't even be able to decrypt anyone's password. You should be using a one-way hash. There are lots of essays talking about why this is so and I won't repeat them here. Anyway, it's a bad idea. Additionally, sending sensitive information over e-mail is not ideal either.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.