Link to home
Start Free TrialLog in
Avatar of Bill Prew
Bill Prew

asked on

Hiding user and password in ASPX (for CDO Message sends)

I have seen examples like the one below on the microsoft web site with regard to sending an email from an aspx page script using CDO Message.  My question though is what is the best practice with regard to hiding the password and not just including it in the aspx script code?  This will be the username and password for the SMTP email server we are using, so it isn't a user on the IIS server, etc.  Any guidance appreciated...

http://support.microsoft.com/kb/555287

using System;
using System.Web.Mail;
namespace SMTPAuthentication
{
 public class SMTPAuthenticationExample
 {
  public static void SendMail()
  {
   string smtpServer = "smtp.domain.com";
   string userName = "johnDoe";
   string password = "pass";
   int cdoBasic = 1; 
   int cdoSendUsingPort = 2; 
   MailMessage msg = new MailMessage();
   if (userName.Length > 0)
   {
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpserver", smtpServer);
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpserverport", 25) ;
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusing", cdoSendUsingPort) ;
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", cdoBasic); 
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", userName); 
    msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", password); 
   }
   msg.To = "someone@domain.com"; 
   msg.From = "me@domain.com";
   msg.Subject = "Subject";
   msg.Body = "Message";
   SmtpMail.SmtpServer = smtpServer;
   SmtpMail.Send(msg);
  }
 }
}

Open in new window

~bp
SOLUTION
Avatar of Randy Poole
Randy Poole
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Big Monty
Big Monty
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bill Prew
Bill Prew

ASKER

You could store them in a database.  What are your concerns with storing them in the asp page?
We were just concerned about the security risk of having credentials in clear text in the asp page.  This is a public webserver so we are concerned about the risk of someone gaining access to the asp page, and this getting the email account credentials for the outgoing SMTP server.

~bp
SOLUTION
Avatar of Randy Poole
Randy Poole
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Scott Fell
Scott Fell
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Gary
Gary
Flag of Ireland image
I've requested that this question be closed as follows:

Accepted answer: 500 points for Scott Fell (padas)'s comment #a40200773

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Avatar of Big Monty
Big Monty
Flag of United States of America image
I think both randy and myself both offered more detailed ways to what the OP asked, in the very least I would split the points between randy and myself.  With all due respect, Scott's answer was more along the lines of minimizing time OP's original concerns about security.
Avatar of Bill Prew
Bill Prew

ASKER

Thanks to feedback and suggestions from all that participated.

~bp