Sunday 15 May 2011

c# - How do I securely store and set password for use by SmtpClient class? -


I am writing a C # class which needs to send SMTP email to me the question that I have given to me In order to send emails, found the code in the

feature, here I am modifying one of the above questions on the above question: 

  using System.Net; Using System.Net.Mail; Address from Var = new mail address ("from@gmail.com", "by name"); Var toAddress = new mail address ("to@example.com", "name to"); Password with password = "password"; Const String topic = "topic"; Const String Body = "Body"; On smtp = new SmtpClient {host = "smtp.gmail.com", port = 587, EnableSsl = true, DeliveryMethod = SmtpDeliveryMethod.Network, UseDefaultCredentials = false, credentials = new NetworkCredential (fromAddress.Address, fromPassword)}; Using (Message to New MailMessage (FROMADDRESS, toAddress) {subject = topic, body = body}} {smtp.Send (message); }   
 The problem I have is that in order to store the code in plain-text C # source file, smtp password is required. The problem is that this code will be examined in the team foundation so that the whole team should know the credentials. The problem is that stories are possible, but this problem does not solve 1.  
 One solution I've found is the encryption of an app config as an installation step closer to the nearest. It does not get around 1 problem, but can be done if necessary.  
 Does this situation produce applications, and what are the best practices used to store password C # sections needed to illustrate?   
 
 
 We resolve this problem by using our build server, teamcity. Build system includes production secret (password, API key, etc.), which can only be established by some trusted individuals. Our build system is responsible for changing the configuration (and other sensitive) files before / after using script and / or password bidding parameters.  
 This enables us to staging / test values ​​for our secrets, but know that the production / production of production will be secreted by app / web. The config can take care of the URL change (dev / qa / stage / prod), so we use only build servers for those parts which we would never want to include in the source control.   

 








Posted by



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)