muquit / mailsend

A program to send mail via SMTP from command line

Encrypted password feature request #40

Open muquit opened 10 years ago

muquit commented 10 years ago

From thavr...@gmail.com on December 22, 2013 07:30:35

I'm using your program to send emails from a batch file that runs unattended and from multiple computers.

A great feature of your program is that you can use Gmail, Hotmail etc. servers when you specify a valid account (so you do not need to be inside your own network and specify your local email server).

But, I do not like to have the password in plain view. I am looking at various options, keeping in mind that the solution should be easily portable to other computers, so extra files, registry entries etc. are not a first option.

a) compile batch file, but do password protected compiles exist and with the proper program the batch file can be decompiled
b) encrypt the sendmail command line or only the password or your password environment variable with various tools (ms: cipher.exe, certutil.exe, joeware.net cpau.exe)
c) add feature to your program.
d) do you have any other ideas

Thank you very much

Original issue: http://code.google.com/p/mailsend/issues/detail?id=40

muquit commented 10 years ago

From thavr...@gmail.com on December 22, 2013 04:33:03

Sorry, it is not a defect, but a feature request. I did not see how to change that.

muquit commented 10 years ago

From muq...@gmail.com on December 23, 2013 10:29:41

This feature existed at one point but I removed it as it gives a false sense of security. I can add this feature back but it will be a compile-time option and you have to explicitly enable it before compiling the code yourself. That means this feature will not be in the compiled binaries I supply. If you agree on that, I will add the feature back.

Thanks.

larsthon commented 8 years ago

I'm not the OP "thavr" but I think that having an encrypted password feature as a compile-time option would be great. I think the feature as you had it with SMTP_USER_PASS_ENC in version 17b2 was very nice.

I know it was not really secure, but with an added level of security of generating the decryption key randomly during compilation, it seems to me that it is at least helpful for avoiding having to store a password in plaintext anywhere, and that some real effort and knowledge is needed to decompile the binary and find the decryption key.