If I use System.Net.Mail and use SmtpClient as described by ScottGu in this blog here, will my password be secure when it makes the connection to the smtp server? I know there may be issues with storing it on the server in plain text, but that isn't what I'm asking. When I make the connection to the smtp host, does it send it in plain text?
Asked
Active
Viewed 198 times
1
-
This might help : http://stackoverflow.com/questions/17246364/how-do-i-securely-store-and-set-password-for-use-by-smtpclient-class – Ruchi Sep 29 '15 at 17:43
1 Answers
3
It depends on how the smtp is setup. If it's across a TLS tunnel then it will be encrypted and will have the same basic security that any TLS tunnel on the internet has (i.e. the same as HTTPS). If it's not going across an encrypted channel, then it won't be encrypted, and it will be sent plain text.
So SMTP itself doesn't provide any way to encrypt things (just like HTTP), and relies on the underlying tunnel to be encrypted to protect the data (like HTTPS).
Do note that everything with security has many many trade offs, and I've only described a very simple solution, that doesn't cover the many other factors in dealing with security. So be very careful in assuming that anything you read on the internet regarding security/encryption is correct. It is one the single most difficult areas in all of computer science.
Zipper
- 7,034
- 8
- 49
- 66
-
Thank you @Zipper! I was getting confused with MailMessage and SmtpClient, I didn't need the message encrypted, but wanted to make sure the password was. I believe if I use `SmtpClient.EnableSsl = true;` then that will send it through on a TLS encrypted tunnel. – ajr Sep 29 '15 at 18:37