StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POMy applications need to send emails, where and how should I store the SMTP password?
primarykey
Id
17565831
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-07-10T08:30:19.433
FavoriteCount
0
LastActivityDate
2013-07-12T08:40:45.280
LastEditDate
2017-05-23T12:31:17.853
LastEditorUserId
-1
OwnerUserId
1124509
ParentId
0
PostTypeId
1
Score
5
ViewCount
312
LastEditorDisplayName
text
Body
It seems like every application I create needs to be able to send the occasional email. E.g. status emails. For this question, assume my application is a backup tool, locally installed on many windows clients, and each installation needs to send daily status mails. It could be installed on an organization's server or on a private computer. I am asking the user to provide the credentials to an email account he owns (STMP host, port, username, password, from-address). I copied this approach from applications like Atlassian Jira/Confluence or JFrog Artifactory. Where and how are they storing the SMTP passwords anyway? My current understanding is: Salting/Hashing approaches do not apply here as I need to be able to retrieve the plaintext password to actually send the emails. I don't want to store the passwords in plaintext, so it's got to be some kind of encryption/decryption approach (right?). I can tell the user not to use his main email account, but to use some secondary account or, even better, setup a special email account just to be used by my application. If the user is an admin of an organization, he might be able to setup an email account on his exchange server or configure SMTP relaying. But, I know me, and I know my private users, some of them will just use their main email account anyway, so I want to do everything I can to keep their credentials as safe as possible (by that I mean "follow best practices"). Preferrably I would like to store the encrypted password in the application's database. I've spent hours and hours reading through questions on stackoverflow, but I cannot see a consensus (like there is for user account login credentials). I find this surprising, as I expect basically every developer to be confronted with this problem sooner or later. There must be some best practices to follow, some established way to go about this, but I haven't found it yet. Please point me to resources on SO/the web that explain how to tackle this problem. If at all possible written by some specialist in the field. Some SO questions I have looked at: <ul> <li><a href="https://stackoverflow.com/questions/225838/protecting-user-passwords-in-desktop-applications-rev-2">Protecting user passwords in desktop applications (Rev 2)</a></li> <li><a href="https://stackoverflow.com/questions/442923/windows-equivalent-of-os-x-keychain">Windows equivalent of OS X Keychain?</a></li> </ul>
Tags
<security><passwords><password-protection><email-integration><password-encryption>
Title
My applications need to send emails, where and how should I store the SMTP password?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USReto Höhener
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POMy applications need to send emails, where and how should I store the SMTP password?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.