I have this code (ASP.net VB.net):
Dim xx As Net.Mail.SmtpClient
xx.Credentials = New Net.NetworkCredential("username","password")
I'm not very sure but would the password stored there be ridiculously easy for a hacker to get?
If it was a standard windows form app, something like net reflector get the password with the click of a button, so how do I make it more secure?
Thanks
Store the username and password in the app.config (Windows Forms app) or web.config (Web app) and encrypt the sections. Pretty easy to do and secure...
Example here ==> http://www.davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx
If your really worried about it you can put it in the config file and use "protected config file sections" to encrypt it.
In order to get the code the attacker would need to get the executable from the machine, not just the result of the page. In a well managed IIS server this is non-trivial (not impossible).