
I'm trying to make a simple application which will send an email. I use the MailMessage and SmtpClient classes. SmtpClient requires a login and password to work.

  • Is it secure to compile the application with the login/password in a simple string?
  • Is it possible to disassemble it and get the password?
  • How do I hide it from a potential attacker?
  • Is it possible to send email w/o using a login/password?
Liam
apocalypse
  • You will need to encrypt the password as any plain string will be easily viewed using tools like reflector. I would either prompt a user, or store an encrypted password in a configuration type file. – Rob Goodwin Feb 27 '13 at 15:35
  • Create a **service account** that can send e-mails (but not do much else) and encrypt the credentials? – SpaceBison Feb 27 '13 at 15:35

1 Answer

Yes, storing the password in plain text anywhere in your application is unsafe. Don't do it!

Instead, you should store the password encrypted in your App.config file (or somewhere else in a configuration file, machine.config for example):

Encrypting and Decrypting ApplicationConfigSections

Alternatively you could ask the user at runtime for the credentials.

If you want to avoid explicitly providing a password, you can authenticate via Windows authentication of the currently logged-on user. For this you can use SmtpClient.UseDefaultCredentials for sending the mail. Of course this only works if the SMTP server recognizes the user's Windows credentials.


If you want to be secure from man-in-the-middle attacks and packet sniffing, you should use SSL to transmit the authentication data. You can do this by enabling SSL in the configuration or just setting the property yourself: SmtpClient.EnableSsl. (.NET >= 4.0)

magnattic
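As an added example (not code from the answer or from the linked article), here is how the answer's three suggestions fit together in C#: protecting the appSettings section in place with the DPAPI provider, reading the credentials back, and choosing between Windows authentication and a password over SSL on SmtpClient. The host, port and the config keys "SmtpUser"/"SmtpPassword" are assumed names.

```csharp
using System.Configuration;   // reference System.Configuration.dll
using System.Net;
using System.Net.Mail;

static class MailConfig
{
    // Encrypt this exe's own <appSettings> section in place with DPAPI, so the
    // SMTP password is not stored as plain text and no key lives in the binary.
    public static void ProtectAppSettings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section.SectionInformation.IsProtected) return; // already encrypted

        section.SectionInformation.ProtectSection(
            "DataProtectionConfigurationProvider"); // DPAPI, machine-bound key
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Full);
    }

    // Build an SmtpClient that never sends the password in clear text.
    // host/port and the keys "SmtpUser"/"SmtpPassword" are assumed names.
    public static SmtpClient BuildClient(string host, int port, bool useWindowsAuth)
    {
        var client = new SmtpClient(host, port)
        {
            EnableSsl = true // STARTTLS: credentials are not readable by a sniffer
        };
        if (useWindowsAuth)
        {
            // Authenticate as the logged-on Windows user; no password needed.
            client.UseDefaultCredentials = true;
        }
        else
        {
            // ConfigurationManager decrypts a protected section transparently.
            string user = ConfigurationManager.AppSettings["SmtpUser"];
            string pass = ConfigurationManager.AppSettings["SmtpPassword"];
            client.Credentials = new NetworkCredential(user, pass);
        }
        return client;
    }

    static void Main()
    {
        ProtectAppSettings();
        using (SmtpClient client = BuildClient("smtp.example.com", 587, false))
            client.Send("from@example.com", "to@example.com", "Test", "Hello");
    }
}
```

DPAPI protection helps on a server where users cannot run code under the service account; in an application you distribute, whoever runs the program can decrypt the section exactly as the program does, which is the limitation the comment thread arrives at.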
  • Looks like I need to read a lot now to understand this App.config thing. In Asp.net I saw something like this, but in WinForms I don't see it. However I will read about this. But when SmtpClient sends a message, is the password visible to an attacker who uses a packet sniffer? – apocalypse Feb 27 '13 at 15:46
  • You can use SSL for sending the mail, so then the password will not be sent in plain text and you are safe from packet sniffers. – magnattic Feb 27 '13 at 15:50
  • How is storing the password in an encrypted form useful? If it's encrypted, the app will have to decrypt it, and so the password to *that* will have to be unencrypted in the program binary, etc. – Kirk Woll Feb 27 '13 at 15:57
  • Of course the password will have to be decrypted at some point by the application. However, the decrypted password will never be in the decompiled program or as plain text in a config file. It will only be in the RAM for a short amount of time. Technically, an attacker could read out the RAM if he knew where to look at what time and could fetch the password. If the attacker has full access to the machine, technically he is able to know everything the machine knows and there is little you can do about that. – magnattic Feb 27 '13 at 16:05
  • In the mail scenario, if this is an application you distribute you should let the user provide _his_ mail credentials. I would not recommend distributing an application that contains credentials you don't want the user to have. If this is an application on a server, the user does not have access to the machine so encrypting the credentials will suffice. Even if he gains access to your config somehow, he will be unable to read it. – magnattic Feb 27 '13 at 16:10
  • Thanks guys. These security things are not that important at this moment. I will implement the most basic mechanism (SSL and encryption). – apocalypse Feb 27 '13 at 16:13
  • @atticae, what are you talking about? If the key to decrypt the password exists in the program binary, then it is visible without doing anything crazy like reading RAM. – Kirk Woll Mar 02 '13 at 02:42
  • @KirkWoll Ok yes, I misread your earlier comment. You are right. As I said, encrypting the config is useful in a server scenario, not so much in a distributed desktop application. – magnattic Mar 02 '13 at 19:34