Solved

Sending an Email from code, safer

Posted on 2014-08-28
Last Modified: 2014-09-02
Hello,

I've been using the below code to send myself an email when the user registers my application in the field.  It grabs the WAN IP along with the computer name.  The application is free but I've been thinking of charging a low fee for each copy.  Obviously this isn't the best way (putting my account name and password in code) but it is free, simple, and it works.  I'd like to make it a little more secure without costing anything for server space, third party DLLs, etc.  I was looking at some older methods of sending an email direct without logging into gmail account but I couldn't make it work.  Obfuscation doesn't seem like much resilience if someone were to decompile the code.  It's written in VB.Net.  Any ideas?

Current Code:

If Me.txtEmail.Text = "" Or Me.txtAgency.Text = "" Or Me.txtName.Text = "" Then
            MsgBox("Required field left blank.", MsgBoxStyle.Critical, "Error.")
            Exit Sub
        End If


        Try
            eBody = (New WebClient()).DownloadString("http://checkip.dyndns.org/")
            eBody = "IP:" & (New System.Text.RegularExpressions.Regex("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")).Matches(eBody)(0).ToString()
            Me.txtWAN.Text = eBody
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            eBody += "Com Name:" & My.Computer.Name
            Me.txtPCName.Text = My.Computer.Name
            eBody += vbCrLf
            Application.DoEvents()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try


        Try
            eBody += "Date: " & Now() & vbCrLf
            eBody += "Name: " & Me.txtName.Text & vbCrLf
            eBody += "Email: " & Me.txtEmail.Text & vbCrLf
            eBody += "Organization: " & Me.txtOrganization.Text & vbCrLf
            eBody += "Comments: " & Me.txtComments.Text & vbCrLf

        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try

        Try
            Dim Smtp_Server As New SmtpClient
            Dim e_mail As New MailMessage()
            Smtp_Server.UseDefaultCredentials = False
            Smtp_Server.Credentials = New NetworkCredential("MyThrowawayGmailAccount@gmail.com", "someobscurepassword")
            Smtp_Server.Port = 587
            Smtp_Server.EnableSsl = True
            Smtp_Server.Host = "smtp.gmail.com"
            e_mail = New MailMessage()
            e_mail.From = New MailAddress("MyThrowawayGmailAccount@gmail.com")
            e_mail.To.Add("myactualgmailaccount@gmail.com")
            e_mail.Subject = "Application Registration " & Now()
            e_mail.IsBodyHtml = False


            eBody = Encrypt(eBody, "encryptionpassword", "encryptionsalt", "SHA1", 3, "somestringhere", 256)
            e_mail.Body = eBody
            Smtp_Server.Send(e_mail)


            Try
                If File.Exists(Application.StartupPath & "\registrationKey.txt") Then
                    File.Delete(Application.StartupPath & "\registrationKey.txt")
                End If

                Using outfile As StreamWriter = File.AppendText(Application.StartupPath & "\RegistrationKey.txt")

                    outfile.Write(eBody)
                    outfile.Close()
                End Using
                ' File.Encrypt(Application.StartupPath & "\RegistrationKey.txt")
            Catch ex As Exception

            End Try
        Catch error_t As Exception
            MsgBox(error_t.ToString)
        End Try

        MsgBox("Registration Complete!", MsgBoxStyle.Exclamation, "Thank You")
        Me.Close()

    End Sub

Question by:zipnotic
10 Comments
 
LVL 28

Expert Comment

by:MacroShadow
ID: 40291040
What are those older methods?
0
 

Author Comment

by:zipnotic
ID: 40291070
CDOSYS with an internal server on port 25
0
 
LVL 28

Expert Comment

by:MacroShadow
ID: 40291088
I don't see how that will help, with CDO you have to put all your information (smtp server, username, password) in the code.
0
 
LVL 31

Accepted Solution

by:
MlandaT earned 1000 total points
ID: 40291352
The only way I can think to do this is to modify your app to submit to a Google Form (which is free). You could gather the necessary data in your app, and submit it to the Google Form, which would store the data in a linked Google Spreadsheet. There are events on the Google Spreadsheet which allow you to execute code, including sending an email when data is submitted to the form. Or just use the Email Notifications feature of Google Forms, which sends you an email when data is submitted to the form. This approach achieves several things:

1 - Keeps your username and password for the email secure. You just publish the Google Forms key.
2 - Everything remains free
3 - Behind many corporate networks, you have a better chance of submitting HTTP data as opposed to accessing 3rd Party SMTP servers (which is a point of failure in your current approach)
4 - You learn Google Forms and Google Spreadsheets loool :)

Have a look at:
http://www.codeproject.com/Tips/143208/How-to-Submit-Google-Docs-Form-by-using-Csharp
http://www.gilgh.com/article/send-data-to-a-google-form-using-asp-net,-c

http://www.labnol.org/internet/email-notification-for-google-docs-forms/5248/
Or just use the MailApp.sendEmail(email, subject, message) in the Google SpreadSheet.
0
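The form-submission approach from the accepted answer, as an added VB.NET example (not code from the thread): it replaces the SmtpClient block with one HTTPS POST, so no mailbox credentials ship in the binary. YOUR_FORM_ID and the entry.* field names are placeholders to be read from your own form's pre-filled link, and the formResponse URL is the endpoint the form's own HTML page posts to, assumed here rather than a documented API.

```vb
Imports System.Collections.Specialized
Imports System.Net

Module RegistrationSubmit
    ' Placeholder: substitute the ID of your own form.
    Private Const FormResponseUrl As String =
        "https://docs.google.com/forms/d/e/YOUR_FORM_ID/formResponse"

    ' Trim and cap user-typed values before they leave the machine.
    Private Function Clean(value As String, maxLen As Integer) As String
        Dim s As String = If(value, "").Trim()
        Return If(s.Length > maxLen, s.Substring(0, maxLen), s)
    End Function

    ' Returns True when the endpoint accepted the POST, False on any HTTP or network error.
    Public Function SubmitRegistration(name As String, email As String,
                                       organization As String, comments As String) As Boolean
        ' Older .NET Framework versions do not offer TLS 1.2 unless asked to.
        ServicePointManager.SecurityProtocol =
            ServicePointManager.SecurityProtocol Or SecurityProtocolType.Tls12

        ' Hypothetical field names; each question on the form has its own entry.<number>.
        Dim fields As New NameValueCollection()
        fields.Add("entry.1000001", Clean(name, 100))
        fields.Add("entry.1000002", Clean(email, 254))
        fields.Add("entry.1000003", Clean(organization, 100))
        fields.Add("entry.1000004", Clean(comments, 1000))
        fields.Add("entry.1000005", Environment.MachineName)

        Try
            Using client As New WebClient()
                ' UploadValues sends application/x-www-form-urlencoded and throws on a non-2xx reply.
                client.UploadValues(FormResponseUrl, "POST", fields)
            End Using
            Return True
        Catch ex As WebException
            Return False
        End Try
    End Function
End Module
```

The form URL recovered from a decompiled binary only allows submitting rows, not reading responses or signing in to the mailbox, so treat every row in the linked spreadsheet as untrusted input.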
 
LVL 40

Assisted Solution

by:Jacques Bourgeois (James Burger)
Jacques Bourgeois (James Burger) earned 1000 total points
ID: 40292663
Store the sensitive information in an encrypted portion of the application configuration file. The technique is simple and explained in Encrypting Configuration Information Using Protected Configuration.
0
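The Protected Configuration technique this answer points to, as an added VB.NET example (not the answerer's code): it encrypts the appSettings section of the application's own .config file in place using the DPAPI provider. It assumes the sensitive values are stored in appSettings and that the process can write its .config file; with the provider's default machine-level key the section cannot be read once copied to another machine, but code running on the same machine can still decrypt it.

```vb
Imports System.Configuration   ' requires a project reference to System.Configuration.dll

Module ConfigProtection
    ' Encrypts <appSettings> in the running exe's .config file.
    ' Returns True if the section is protected afterwards.
    Public Function ProtectAppSettings() As Boolean
        Dim config As System.Configuration.Configuration =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim section As ConfigurationSection = config.GetSection("appSettings")

        If section Is Nothing Then Return False
        If section.SectionInformation.IsProtected Then Return True

        Try
            ' DPAPI keys belong to the machine, so this must run on the target PC,
            ' for example on first launch, not on the build machine.
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
            section.SectionInformation.ForceSave = True
            config.Save(ConfigurationSaveMode.Modified)
            ConfigurationManager.RefreshSection("appSettings")
            Return True
        Catch ex As ConfigurationErrorsException
            Return False   ' e.g. the .config file could not be written
        Catch ex As UnauthorizedAccessException
            Return False   ' e.g. installed under Program Files without write access
        End Try
    End Function

    ' Reads are unchanged: the section is decrypted transparently on access.
    Public Function ReadSetting(key As String) As String
        Return ConfigurationManager.AppSettings(key)
    End Function
End Module
```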
 

Author Comment

by:zipnotic
ID: 40294008
Does the Google form allow you to programmatically fill in certain text boxes like an ordinary web form?
0
 

 

Author Comment

by:zipnotic
ID: 40299393
Thanks both of you for the ideas.  What I decided to do for now was deploy an encrypted text file with the application that contains the sensitive info.  My program will then decrypt that file at runtime.  
Far from perfect but at least an extra level of obscurity.
0
