Solved

Encrypt password in CFMAIL

Posted on 2009-05-19
Last Modified: 2013-12-24
I am using my work's CF8 server to run an application that utilizes a CFMAIL tag.  My work requires me to have the server name, username and password (of my email account) in the CFMAIL tag in order to authenticate with the work email server.

Is there any way to encrypt the password so that it won't be exposed in the code?

Thanks for any help!
Peg
Question by:mrotstein
10 Comments
 
LVL 19

Expert Comment

by:erikTsomik
ID: 24428622
you can store the user name and password in application.cfm
0
 
LVL 27

Accepted Solution

by:
azadisaryev earned 200 total points
ID: 24428819
there are ways to encrypt your password, but... your mail server will NOT accept it then, as it would not match the password for your email account.

the question here is: why do you want to hide it in your code? is it because other people working on same code will see it? then set up a separate account on your server to be used just for authenticating with your server in <cfmail> tags: remember - the username and password you specify in <cfmail> tag DO NOT have to be the username and password of the account you use in FROM attribute. they just need to be a username and password of a valid email account on your server.

if you are worried about someone using your application seeing the password - do not worry: CFML code is NOT returned to the browser. view the source of your pages in the browser and you will see that none of your cfml code is there.

Erik's suggestion is a valid one, though it does not solve the problem of other developers who have access to cfml code you write seeing your password - if they can see cfml code, they can just as easily view the code in your Application.cfm/.cfc and see your password.  But in general, it is a valid practice to save mailserver authentication info in application-scope variables and use those in your code.

Azadi
0
 

Author Closing Comment

by:mrotstein
ID: 31583356
Thank you for your detailed response.  It was very helpful!  Yes, I was worried about other developers seeing my email login information.  I am setting up a separate account on the server for email.  That is a perfect solution!
Peg
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24431739
Why don't you set the mail server, username and password in the ADMIN section ( /cfide/administrator ) then there is no need to put user names/passwords into code at all.
0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24431958
@Jones911:
isn't that a valid thing to do only when it is THE ONE AND ONLY mail server your applications running on this cf server may be using?
there's a setting in CF Admin for "backup mail servers"... but i am not quite sure how that works... will the <cfmail> tag try to use the next defined mail server if sending mail through the default mail server fails due to invalid authentication?

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24432135
@azadi
If you have shared hosting your point is valid but if you have full control of the server and a smtp mail server then I think I would prefer not to code usernames/passwords into code and simply use <cfmail to="" from="" subject="" type="">Mail Message</cfmail>

I guess I have always had full server control so it hasn't been an issue apart from one blog which I host on a shared server which does set usernames and passwords in a config file.
0
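
The options discussed above (a dedicated mail-only account held in application scope, per the accepted answer, and server settings kept in the CF Administrator, per Jones911), shown next to the inline-credentials form from the question. This is an added example, not code from any poster; the INI path, section and key names, application name and addresses are assumptions.

```cfml
<!--- Added example. The INI path, section and key names, application name
      and all addresses are assumptions, not values from this thread. --->

<!--- Before: personal mailbox credentials inline in every <cfmail> tag --->
<cfmail to="user@example.com" from="peg@example.com" subject="Report ready"
        server="mail.example.com" username="peg" password="PERSONAL-PASSWORD">
The report is ready.
</cfmail>

<!--- After, option 1: Application.cfc loads a dedicated mail-only account
      once, from a file outside the web root and outside source control --->
<cfcomponent output="false">
    <cfset this.name = "ReportApp">
    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset var ini = "C:\cfconfig\mail.ini">
        <cfset application.mail = StructNew()>
        <cfset application.mail.server   = GetProfileString(ini, "smtp", "server")>
        <cfset application.mail.username = GetProfileString(ini, "smtp", "username")>
        <cfset application.mail.password = GetProfileString(ini, "smtp", "password")>
        <cfreturn true>
    </cffunction>
</cfcomponent>

<!--- Page code then references the application scope. Per the accepted
      answer, the SMTP login need not be the account used in FROM. --->
<cfmail to="user@example.com" from="peg@example.com" subject="Report ready"
        server="#application.mail.server#"
        username="#application.mail.username#"
        password="#application.mail.password#">
The report is ready.
</cfmail>

<!--- After, option 2: server, username and password are set in the
      ColdFusion Administrator mail settings, so the tag carries none --->
<cfmail to="user@example.com" from="peg@example.com" subject="Report ready">
The report is ready.
</cfmail>
```

With option 1, read access on the settings file should be limited to the account the ColdFusion service runs as; anyone who can read that file or the Application.cfc on the server can still recover the password.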
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24432235
@Jones911:
yeah, that's what i thought...
but have you played with the "backup mail servers" setting in CF Admin? does it actually make <cfmail> tags try other mail servers listed in that "backup" textarea when authentication for the default mail server fails? or are those backup mail servers only used when there's no response from the main mail server?
just curious - i've never used that "backup mail servers" feature and have no idea what exactly it does and when those servers are used... any ideas?

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24432624
@azadi

No I haven't but we have a script that moves mail from undelivered to spool as now and then some email does fail to send.  Also we only have 1 smtp server but I'd think it would work like you say if it fails it would try on the second server.  I would like to try this out.
0
 
LVL 27

Expert Comment

by:azadisaryev
ID: 24433280
@Jones911:
interesting... just ran some quick tests...

i have defined a totally bogus mailserver as default mailserver in CF Admin.
then i specified a valid mailserver (with username and password) in the "backup mail server" field.
then i used a plain vanilla <cfmail> tag (without any username/password/server attributes in it, so it has to use the default mailserver set up in cf admin) to send an email, using a TOTALLY BOGUS email account in the FROM attribute, and... i DID receive the email!

mind you, my thunderbird's junk/spam filter has automatically put it in JUNK folder... but, nonetheless -> it looks like <cfmail> tag will try and use a mailserver from 'backup' list in case it can't send an email from default mailserver specified in cf admin, and NOT just when the default mailserver can't be reached, but EVEN if the default mail server does not exist at all (!).

that was an interesting experiment... now i actually know how the default and backup mailservers are used by cf.

Azadi
0
 
LVL 19

Expert Comment

by:Jones911
ID: 24433299
@Azadi  Nice thanks for reporting back your findings.
0
