C#: Safely send bug report from a program

views:

744

answers:

+2 Q:

C#: Safely send bug report from a program

I would like my program to email me a bug-report when it fails. Is there any way of doing this... safely? I have found I can use System.Net.Mail MailMessage and SmtpClient and such, but of course, I will have to provide a username and a password to it (unless someone knows of one that doesn't need it?). And putting that in code I find a bit... I don't know. Technically it would mean that anyone could look at the source code or the compiled IL code (or what it was called) and find that username and password and use it for spamming or other not so good activites. Which is not very good!

Any ideas? Is there a better and/or different approach to this problem? Doesn't really have to be through email. But what I want is a way for the program to notify when something happens that I should fix. And to make that notification as little troublesome as possible to the user. Maybe even invisible (although a YesNo messagebox might be polite).

Anyone?

+3 A:

You don't need to provide your password to email to yourself, as you don't need other people's password to send email to them.

You only need a password if you relay an email over a third party's SMTP server.

If your SMTP client connects right to example.com on port 25 and sends an email to [email protected], no password is needed.

example.com above means an MX record, not an A record. This is a special type of record that holds the name of the server where all emails for example.com should go. There is no easy way to look it up from .NET, but if you are not going to change your SMTP server's address, you may hardcode it into SmtpClient.Host property.

To find out your mail server's address, type nslookup -q=MX example.com at your command prompt.

SMTP is not the best way to report errors, though. Home providers often block traffic on port 25 to all servers but their, to prevent spamming etc.

You better make a web server, create an instance of System.Net.WebClient in your program and send bug reports over HTTP. It's more reliable and you can easily use your client's proxy settings.

Quassnoi 2009-02-06 19:28:59

seems like that didn't work for my smtp server... maybe because it is called mail.example.com and not just example.com?

Svish 2009-02-06 19:45:19

You need to look up the MX record of your domain. So if you're [email protected], type "nslookup" in a DOS box, then at the nslookup prompt, type "set type=mx", hit Enter, then type "example.com" and hit Enter.

Ben Dunlap 2009-02-06 19:54:07

Or just type nslookup -q=MX example.com

Quassnoi 2009-02-06 20:46:02

that didn't work either... but guess the web service thing is maybe what I should do. I will have to make it in php though, cause I don't have anythink to run asp.net on.

Svish 2009-02-07 09:22:47

+1 A:

See http://stackoverflow.com/questions/312621/sending-e-mail-out-of-client-application-without-storing-password, which basically asks the same thing.

fatcat1111 2009-02-06 19:29:33

+1 A:

You can put the username & password in a web.config/app.config file. You can also encrypt the contents of your .config file (see here).

Kevin Tighe 2009-02-06 19:30:12

but wouldn't the app.config be visible as well? And to encrypt, wouldn't I have to provide info to decrypt it in the application?

Svish 2009-02-06 19:44:41

True, users would have access to the app.config file. I guess if you just want an bug report from clients you might be better off using a webservice as another poster suggested.

Kevin Tighe 2009-02-06 19:58:20

I do the same sort of thing and when our mail server moves to require authenticated SMTP, we plan to add exceptions for mail from certain addresses so that our automated processes don't need to provide credentials. If you're stuck with authenticated SMTP you'll need to work with your mail service provider to set up the same sort of exception or supply your credentials.

tvanfosson 2009-02-06 19:32:00

+7 A:

Instead of sending mail you could set up a web service that would receive the reports. The web service could run over https if you want to protect the data.

I did this for a customer once and it worked well.

The only problem is if the program is running somewhere without internet access.

Edit:

Don't tell this to anyone, but we even took a screenshot of the program when it crashed and posted it together with all information about the error that we could gather. It was incredibly useful!

Rune Grimstad 2009-02-06 19:51:46

+1 - posting the data over SSL is much easier than trying to send it through SMTP. Some ISPs also have the nasty habit of blocking outbound port 25 (SMTP) My ISP does this.

Jon Tackabury 2009-02-06 19:58:19

I wouldn't advise a screenshot. You may inadvertently be breaking data protection laws. It is certainly a privacy issue unless you show the user what you are about to send and ask for their permission first.

BlackWasp 2009-02-08 01:53:09

Hehe, I like it :p although BlackWasp may be right... Anyways, will probably end up trying to create a web service in php or something, and then upload some sort of error report. After asking the user permission probably. Although a simple stacktrace and exception message shouldnt break any laws...

Svish 2009-02-09 14:16:23

You are right of course, but the application was only used internally in the organisation and we only took screen shots of the application so we decided to do it. The data gathered was incredibly useful!

Rune Grimstad 2009-02-09 16:11:44

ansaurus

tags:

views:

answers:

C#: Safely send bug report from a program

related questions