Reputation: 85
.net smtpclient password secure
If I use System.Net.Mail and use SmtpClient as described by ScottGu in this blog here, will my password be secure when it makes the connection to the smtp server? I know there may be issues with storing it on the server in plain text, but that isn't what I'm asking. When I make the connection to the smtp host, does it send it in plain text?
Upvotes: 1
Views: 262
Answers (1)
Reputation: 7204
It depends on how the smtp is setup. If it's across a TLS tunnel then it will be encrypted and will have the same basic security that any TLS tunnel on the internet has (i.e. the same as HTTPS). If it's not going across an encrypted channel, then it won't be encrypted, and it will be sent plain text.
So SMTP itself doesn't provide any way to encrypt things (just like HTTP), and relies on the underlying tunnel to be encrypted to protect the data (like HTTPS).
Do note that everything with security has many many trade offs, and I've only described a very simple solution, that doesn't cover the many other factors in dealing with security. So be very careful in assuming that anything you read on the internet regarding security/encryption is correct. It is one the single most difficult areas in all of computer science.
Upvotes: 3
Related Questions
- How to set username and password for SmtpClient object in .NET?
- What type of authentication is System.Net.Mail.SmtpClient using when sending emails?
- Send Mail without password in C#
- Send email in ASP.net without password
- How to send my Credentials securely using smtpClient with ASP.Net
- Concealing SMTP password in .NET application
- smtp server requires authentication but I believe it already has it
- SmtpClient sending without authentication
- Sending Authenticated SMTP Using C#
- SMTP authentication with .NET fails