tags:

views:

486

answers:

3
+1  Q: 

Sending e-mail out of client application without storing password

My Aim: Sending an email (e.g. support request, error report) out of a C# Windows forms application. I know how do do this technically but here is the catch:

In order to authenticate myself on the mail server (e.g. gmx, yahoo, own website) I need to store the login details inside the application (which runs on the client system). If someone extracts it or sniffs the network traffic he will have access to my email account. Maybe the second threat could be eliminated using a secure connection. However, it is still possible to get the password out of the application regardless if it is obfuscated or not.

So is there are 'secure' concept enabling me to send e-mail messages out of my program, which runs on the client pc without the need to store a password in accessible form and not requirering a special web service?

+2  A: 

I had such a requirement in the past which we solved by using a web service to post messages.

If for example a user wanted to submit a bug report it would be turned into a web service call to our web server and it would then be forwarded accordingly.

To answer your question: There is no way you can hide you mail server. If your program can send emails, so can the user with another program. (the same goes for a web service.) What you can do is use an open smtp server (smtp relay) but that is just asking for trouble.

Y Low  2008-11-23 15:39:46
+1  A: 

If you are sending a message to a domain that the mail server is the final destination for you do not need to authenticate the sender, you only need to do this when you are relaying mail to another domain.

Brian C. Lane  2008-11-23 15:41:17
A: 

You could allow email to only be sent by Active directory authenticated users. That would allow you to check that the user has a valid account and is in a valid group "domain\MyMailSendUsers" before your app is able to send the mail.

if you are using a local mail server it can also be configured to only allow connections from certain resources. If you are using mail from an external supplier (yahoo, google etc) then you are going to have to store the usernames and passwords, theres no real way around that other than asking users to type them in each time they want to send, you could then store them in a runtime variable (and encrypt it) to keep them secure.

Mauro  2008-11-23 15:45:17

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?