在不存储密码的情况下从客户端应用程序发送电子邮件

时间:2022-11-15 10:35:13

My Aim: Sending an email (e.g. support request, error report) out of a C# Windows forms application. I know how do do this technically but here is the catch:

我的目标:从C#Windows窗体应用程序发送电子邮件(例如支持请求,错误报告)。我知道如何从技术上做到这一点,但这里有一个问题:

In order to authenticate myself on the mail server (e.g. gmx, yahoo, own website) I need to store the login details inside the application (which runs on the client system). If someone extracts it or sniffs the network traffic he will have access to my email account. Maybe the second threat could be eliminated using a secure connection. However, it is still possible to get the password out of the application regardless if it is obfuscated or not.

为了在邮件服务器(例如gmx,yahoo,自己的网站)上验证自己,我需要在应用程序(在客户端系统上运行)中存储登录详细信息。如果有人提取或嗅探网络流量,他将可以访问我的电子邮件帐户。也许使用安全连接可以消除第二个威胁。但是,无论是否进行模糊处理,仍然可以从应用程序中获取密码。

So is there are 'secure' concept enabling me to send e-mail messages out of my program, which runs on the client pc without the need to store a password in accessible form and not requirering a special web service?

那么是否有'安全'概念使我能够从我的程序中发送电子邮件,该程序在客户端PC上运行而无需以可访问的形式存储密码而不需要特殊的Web服务?

3 个解决方案

#1


2  

I had such a requirement in the past which we solved by using a web service to post messages.

我过去有过这样的要求,我们通过使用Web服务来发布消息来解决这个问题。

If for example a user wanted to submit a bug report it would be turned into a web service call to our web server and it would then be forwarded accordingly.

例如,如果用户想要提交错误报告,则会将其转换为对我们的Web服务器的Web服务调用,然后相应地转发它。

To answer your question: There is no way you can hide you mail server. If your program can send emails, so can the user with another program. (the same goes for a web service.) What you can do is use an open smtp server (smtp relay) but that is just asking for trouble.

回答你的问题:你无法隐藏你的邮件服务器。如果您的程序可以发送电子邮件,那么用户也可以使用其他程序。 (对于Web服务也是如此。)你可以做的是使用一个开放的smtp服务器(smtp中继),但这只是在寻找麻烦。

#2


1  

If you are sending a message to a domain that the mail server is the final destination for you do not need to authenticate the sender, you only need to do this when you are relaying mail to another domain.

如果要向域发送邮件,表明邮件服务器是最终目的地,则无需对发件人进行身份验证,只需在将邮件中继到其他域时执行此操作。

#3


0  

You could allow email to only be sent by Active directory authenticated users. That would allow you to check that the user has a valid account and is in a valid group "domain\MyMailSendUsers" before your app is able to send the mail.

您可以允许仅由Active Directory身份验证用户发送电子邮件。这样您就可以在应用程序发送邮件之前检查用户是否拥有有效帐户并且位于有效组“domain \ MyMailSendUsers”中。

if you are using a local mail server it can also be configured to only allow connections from certain resources. If you are using mail from an external supplier (yahoo, google etc) then you are going to have to store the usernames and passwords, theres no real way around that other than asking users to type them in each time they want to send, you could then store them in a runtime variable (and encrypt it) to keep them secure.

如果您使用的是本地邮件服务器,则还可以将其配置为仅允许来自某些资源的连接。如果您使用来自外部供应商(雅虎,谷歌等)的邮件,那么您将不得不存储用户名和密码,除了要求用户在每次发送时键入它们之外,没有其他方法,您然后可以将它们存储在运行时变量中(并加密它)以保证它们的安全。

#1


2  

I had such a requirement in the past which we solved by using a web service to post messages.

我过去有过这样的要求,我们通过使用Web服务来发布消息来解决这个问题。

If for example a user wanted to submit a bug report it would be turned into a web service call to our web server and it would then be forwarded accordingly.

例如,如果用户想要提交错误报告,则会将其转换为对我们的Web服务器的Web服务调用,然后相应地转发它。

To answer your question: There is no way you can hide you mail server. If your program can send emails, so can the user with another program. (the same goes for a web service.) What you can do is use an open smtp server (smtp relay) but that is just asking for trouble.

回答你的问题:你无法隐藏你的邮件服务器。如果您的程序可以发送电子邮件,那么用户也可以使用其他程序。 (对于Web服务也是如此。)你可以做的是使用一个开放的smtp服务器(smtp中继),但这只是在寻找麻烦。

#2


1  

If you are sending a message to a domain that the mail server is the final destination for you do not need to authenticate the sender, you only need to do this when you are relaying mail to another domain.

如果要向域发送邮件,表明邮件服务器是最终目的地,则无需对发件人进行身份验证,只需在将邮件中继到其他域时执行此操作。

#3


0  

You could allow email to only be sent by Active directory authenticated users. That would allow you to check that the user has a valid account and is in a valid group "domain\MyMailSendUsers" before your app is able to send the mail.

您可以允许仅由Active Directory身份验证用户发送电子邮件。这样您就可以在应用程序发送邮件之前检查用户是否拥有有效帐户并且位于有效组“domain \ MyMailSendUsers”中。

if you are using a local mail server it can also be configured to only allow connections from certain resources. If you are using mail from an external supplier (yahoo, google etc) then you are going to have to store the usernames and passwords, theres no real way around that other than asking users to type them in each time they want to send, you could then store them in a runtime variable (and encrypt it) to keep them secure.

如果您使用的是本地邮件服务器,则还可以将其配置为仅允许来自某些资源的连接。如果您使用来自外部供应商(雅虎,谷歌等)的邮件,那么您将不得不存储用户名和密码,除了要求用户在每次发送时键入它们之外,没有其他方法,您然后可以将它们存储在运行时变量中(并加密它)以保证它们的安全。