Bill Prew
asked on
Hiding user and password in ASPX (for CDO Message sends)
I have seen examples like the one below on the microsoft web site with regard to sending an email from an aspx page script using CDO Message. My question though is what is the best practice with regard to hiding the password and not just including it in the aspx script code? This will be the username and password for the SMTP email server we are using, so it isn't a user on the IIS server, etc. Any guidance appreciated...
http://support.microsoft.com/kb/555287
using System;
using System.Web.Mail;
namespace SMTPAuthentication
{
public class SMTPAuthenticationExample
{
public static void SendMail()
{
string smtpServer = "smtp.domain.com";
string userName = "johnDoe";
string password = "pass";
int cdoBasic = 1;
int cdoSendUsingPort = 2;
MailMessage msg = new MailMessage();
if (userName.Length > 0)
{
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpserver", smtpServer);
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpserverport", 25) ;
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusing", cdoSendUsingPort) ;
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", cdoBasic);
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendusername", userName);
msg.Fields.Add("http://schemas.microsoft.com/cdo/configuration/sendpassword", password);
}
msg.To = "someone@domain.com";
msg.From = "me@domain.com";
msg.Subject = "Subject";
msg.Body = "Message";
SmtpMail.SmtpServer = smtpServer;
SmtpMail.Send(msg);
}
}
}
~bp
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then your best bet is to encrypt/decrypt your password:
http://www.codeproject.com/Tips/306620/Encryption-Decryption-Function-in-Net-using-MD-Cry
http://www.codeproject.com/Tips/306620/Encryption-Decryption-Function-in-Net-using-MD-Cry
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I've requested that this question be closed as follows:
Accepted answer: 500 points for Scott Fell (padas)'s comment #a40200773
for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Accepted answer: 500 points for Scott Fell (padas)'s comment #a40200773
for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
I think both randy and myself both offered more detailed ways to what the OP asked, in the very least I would split the points between randy and myself. With all due respect, Scott's answer was more along the lines of minimizing time OP's original concerns about security.
ASKER
Thanks to feedback and suggestions from all that participated.
~bp
~bp
ASKER
~bp