C#使用加密密码进行邮件SSL认证
C# Use crypted password for email Ssl authentification
我正在尝试使用 Gmail 电子邮件发送多封电子邮件。
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("gmail email ssl server");
mail.To.Add("email to send to");
mail.Subject = "Test Mail 2.0";
mail.IsBodyHtml = true;
mail.Body = body;
SmtpServer.Port = 587;
SmtpServer.Credentials = new System.Net.NetworkCredential("email@email.com", "My Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
它运行良好,但如您所知,C# 代码是可检索的。您知道 gmail 将接受作为密码的加密方法吗?
所以我可以在代码中存储,只有加密的密码,我的电子邮件仍然容易受到攻击,但比现在少很多。
在环境级别而不是代码级别拥有此类数据也许是一个不错的选择。您可以尝试将密码和电子邮件存储在系统环境变量中,然后从您的代码中检索它。这样,唯一知道这些变量值的人就是您编写代码的系统 运行.
当您想到它时,就像浏览器如何存储您的密码一样,不是吗?直到 February 2020, Google decided plain DPAPI is good enough for that. Of course, as the linked article mention, it became easy picking for password-stealing malware. Technically it's not really a strong concern, reading DPAPI requires running as the same user or elevated ones, so it already has access to other interesting data. You can just keep using DPAPI, indeed, Chrome now encrypted the password instead of using DPAPI but still keep the encryption key through DPAPI, with the decryption procedure clearly described in ,恶意软件和密码工具在 Chrome 更新几天后更新。
因此,如果您想添加非常小的更改,使用 DPAPI as it is 通常就足够了。添加另一个加密只会迫使攻击者反编译您的应用程序以反转加密,您的应用程序仍然会泄露整个密码。否则,如果您绝对不想公开密码,请创建一个网络服务并告诉您的应用调用该服务。
我正在尝试使用 Gmail 电子邮件发送多封电子邮件。
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("gmail email ssl server");
mail.To.Add("email to send to");
mail.Subject = "Test Mail 2.0";
mail.IsBodyHtml = true;
mail.Body = body;
SmtpServer.Port = 587;
SmtpServer.Credentials = new System.Net.NetworkCredential("email@email.com", "My Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
它运行良好,但如您所知,C# 代码是可检索的。您知道 gmail 将接受作为密码的加密方法吗? 所以我可以在代码中存储,只有加密的密码,我的电子邮件仍然容易受到攻击,但比现在少很多。
在环境级别而不是代码级别拥有此类数据也许是一个不错的选择。您可以尝试将密码和电子邮件存储在系统环境变量中,然后从您的代码中检索它。这样,唯一知道这些变量值的人就是您编写代码的系统 运行.
当您想到它时,就像浏览器如何存储您的密码一样,不是吗?直到 February 2020, Google decided plain DPAPI is good enough for that. Of course, as the linked article mention, it became easy picking for password-stealing malware. Technically it's not really a strong concern, reading DPAPI requires running as the same user or elevated ones, so it already has access to other interesting data. You can just keep using DPAPI, indeed, Chrome now encrypted the password instead of using DPAPI but still keep the encryption key through DPAPI, with the decryption procedure clearly described in
因此,如果您想添加非常小的更改,使用 DPAPI as it is 通常就足够了。添加另一个加密只会迫使攻击者反编译您的应用程序以反转加密,您的应用程序仍然会泄露整个密码。否则,如果您绝对不想公开密码,请创建一个网络服务并告诉您的应用调用该服务。