Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Encrypt password in CFMAIL

Posted on 2009-05-19
10
Medium Priority
?
718 Views
Last Modified: 2013-12-24
I am using my work's CF8 server to run an application that utilizes a CFMAIL tag.  My work requires me to have the server name, username and password (of my email account) in the CFMAIL tag in order to authenticate with the work email server.

Is there anyway to encrypt the password so that it won't be exposed in the code?

Thanks for any help!
Peg
0
Comment
Question by:mrotstein
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 19

Expert Comment

by:erikTsomik
ID: 24428622
you can store the user name and password in application.cfm
0
 
LVL 27

Accepted Solution

by:
azadisaryev earned 200 total points
ID: 24428819
there are ways to encrypt your password, but... your mail server will NOT accept it then, as it would not match the password for your email account.

the question here is: why do you want to hide it in your code? is it because other people working on same code will see it? then set up a separate account on your server to be used just for authenticating with your server in <cfmail> tags: remember - the username and password you specify in <cfmail> tag DO NOT have to be the username and password of the account you use in FROM attribute. they just need to be a username and password of a valid email account on your server.

if you are worried about someone using your application seeing the password - do not worry: CFML code is NOT returned to the browser. view the source of your pages in the browser and you will see that none of your cfml code is there.

Erik's suggestion is a valid one, though it does not solve the problem of other developers who have access to cfml code you write seeing your password - if they can see cfml code, they can just as easily view the code in your Application.cfm/.cfc and see your password.  But in general, it is a valid practice to save mailserver authentication info in application-scope variables and use those in your code.

Azadi
0
 

Author Closing Comment

by:mrotstein
ID: 31583356
Thank you for your detailed response.  It was very helpful!  Yes, I was worried about other developers seeing my email login information.  I am setting up a separate account on the server for email.  That is a perfect solution!
Peg
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 19

Expert Comment

by:Jones911
ID: 24431739
Why don't you set the mail server, username and password in the ADMIN section ( /cfide/administrator ) then there is no need to put user names/passwords into code at all.
0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24431958
@Jones911:
isn't that a valid thing to do only when it is THE ONE AND ONLY mail server your applications running on this cf server may be using?
there's a setting in CF Admin for "backup mail servers"... but i am not quiet sure how that works... will the <cfmail> tag try to use the next defined mail server if sending mail through the default mail server fals due to invalid authentication?

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24432135
@azadi
If you have shared hosting your point is valid but if you have full control of the server and a smtp mail server then I think I would prefer not to code usernames/passwords into code and simply use <cfmail to="" from="" subject="" type="">Mail Message</cfmail>

I guess I have always had full server control so it hasn't been an issue apart from one blog which I host on a shared server which does set usernames and passwords in a config file.
0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24432235
@Jones911:
yeah, that's what i thought...
but have you played with the "backup mail servers" setting in CF Admin? does it actually make <cfmail> tags try other mail servers listed in that "backup" textarea when authentication for the default mail server fails? or are those backup mail servers only used when there's no response from the main mail server?
just curious -i've never used that "backup mail servers" feature and have no idea what exactly it does and when those servers are used... any ideas?

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24432624
@azadi

No I havn't but we have a script that moves mail from undeliverd to spool as now and then some email does fail to send.  Also we only have 1 smtp server but I'd think it would work like you say if it fails it woudl try on the second server.  I would like to try this out.
0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24433280
@Jones911:
interesting... just ran some quick tests...

i have defined a totally bogus mailserver as default mailserver in CF Admin.
then i specified a valid mailserver (with username and password) in the "backup mail server" field.
then i used a plain vanilla <cfmail> tag (without any username/password/server attributes in it, so it has to use the default mailserver set up in cf admin) to send an email, using a TOTALLY BOGUS email account in the FROM attribute, and... i DID recieve the email!

mind you, my thunderbird's junk/spam filter has automatically put in JUNK folder... but, nonetheless -> it looks like <cfmail> tag will try and use a mailserver from 'backup' list in case it can't send an email from default mailserver specified in cf admin, and NOT just when the default mailserver can't be reached, but EVEN if the default mail server does not exist at all (!).

that was an interesting experiment... now i actually know how the default and backup mailservers are used by cf.

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24433299
@Azadi  Nice thanks for reporting back your findings.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In our day to day coding, how many times have we come across a necessity to check whether a URL is a broken link or not? For those of you that answered countless and are using ColdFusion like myself, then this article is for you.  It will show yo…
Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question