
I am not sure whether it is safe and secure to store user information in a class, so I came up with the idea of storing some user information in an .ini file, and to write what is inside there and execute it. Basically, I have a console application running on .NET Framework 4.7.2, and I made a notification that stores a LOG file and sends mail whenever a new user has been added to ActiveDirectory. Since I need to configure SMTP for this kind of stuff and store very private information such as EmailID, Password, etc., I am not sure whether it is secure to leave this visible.

```csharp
// Requires: using System.Net.Mail;
// noviKorisnika and izmjenjenihKorisnika are counters computed elsewhere in the application.
SmtpClient mySmtpClient = new SmtpClient("smtp.gmail.com");

// Authenticate with explicit credentials (hard-coded here, which is what the question is about)
mySmtpClient.UseDefaultCredentials = false;
System.Net.NetworkCredential basicAuthenticationInfo =
    new System.Net.NetworkCredential("email@gmail.com", "emailsender");
mySmtpClient.Credentials = basicAuthenticationInfo;
mySmtpClient.EnableSsl = true;
mySmtpClient.Port = 587;

MailAddress from = new MailAddress("sender@gmail.com", "IAMSender");
MailAddress to = new MailAddress("reciver@gmail.com", "IAMReceiver");
System.Net.Mail.MailMessage myMail = new System.Net.Mail.MailMessage(from, to);

myMail.Subject = "ActiveDirectory";
myMail.SubjectEncoding = System.Text.Encoding.UTF8;

// set body-message and encoding
myMail.Body = @"Ukupno novih korisnika:" + noviKorisnika + "<br>" +
              @"Ukupno izmjenjenih korisnika: " + izmjenjenihKorisnika;
myMail.BodyEncoding = System.Text.Encoding.UTF8;
// text or html
myMail.IsBodyHtml = true;
mySmtpClient.Send(myMail);
```

Any idea how to configure this kind of stuff, since I do not have enough skill and knowledge about SMTP?

  • Why do you think putting credentials into an .ini file is safer than hard-coding it? – Fildor May 06 '20 at 11:56
  • Does this answer your question? [How to securely save username/password (local)?](https://stackoverflow.com/questions/12657792/how-to-securely-save-username-password-local) – Sinatr May 06 '20 at 11:57
  • Because the .ini file will be hidden on the server, while hard-coding will be visible to everyone. If I hide user information inside the .ini file, no one can see it or even know where it is stored –  May 06 '20 at 11:57
  • Ok, I won't go deeper into this. Just do neither. If your goal is security, you need some form of encryption. "Hiding" something that is plaintext is "security by obscurity" which is widely considered to be "_no_ security". – Fildor May 06 '20 at 12:00
  • By the way: _"Warning This API is now obsolete."_ and _"We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub."_ - [SmtpClient Remarks](https://docs.microsoft.com/en-us/dotnet/api/system.net.mail.smtpclient?view=netcore-3.1#remarks) – Fildor May 06 '20 at 12:06
  • I don't know if that would be an option for you, but Microsoft Azure has a "Key Vault", as a safe place to put credentials. Other Cloud providers probably offer similar services. – Fildor May 06 '20 at 12:10
  • Hmm. I am not using Microsoft Azure. I still have no idea where to publish this app, but most probably it will be AWS. I have not decided yet –  May 06 '20 at 12:12
  • In that case, I'd inject credentials "unsafely" for development and decide on how to make them secure when you have committed yourself to a platform. If you are leaning towards AWS, have a look into their "AWS Secrets Manager". – Fildor May 06 '20 at 12:32
  • Which online server can you recommend to me for this purpose? Azure? –  May 06 '20 at 12:38

1 Answer


An ini file is fine, but you should encrypt the password and store it encrypted. Instead of an ini file you can use a config file, and access it more easily: `var value = ConfigurationManager.AppSettings["password"]`. This way you don't have to build your own methods to read/save an ini file.

Dominik S
  • I have already created a .config file but have no idea how to store this kind of information inside the `app.config` file –  May 06 '20 at 12:02
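
One way to do what the answer suggests, as an added example that is not part of the original answer or comments: protect the SMTP password with Windows DPAPI (`ProtectedData`) and keep only the Base64 ciphertext in `app.config`. The `SmtpSecret` class, the `SmtpPasswordProtected` key, the `--set-password` switch and the entropy string are assumptions made for illustration; the project needs references to `System.Configuration` and `System.Security`.

```csharp
using System;
using System.Configuration;          // reference System.Configuration.dll
using System.Security.Cryptography;  // reference System.Security.dll
using System.Text;

static class SmtpSecret
{
    // Assumed appSettings key; it holds Base64 DPAPI ciphertext, never plaintext.
    const string Key = "SmtpPasswordProtected";
    // Extra entropy ties the blob to this application. It is not a secret.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ADNotifier.Smtp.v1");

    // Run once, under the Windows account that will later send the mail.
    public static void Save(string plainPassword)
    {
        byte[] cipher = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plainPassword), Entropy, DataProtectionScope.CurrentUser);
        Configuration cfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        cfg.AppSettings.Settings.Remove(Key);
        cfg.AppSettings.Settings.Add(Key, Convert.ToBase64String(cipher));
        cfg.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("appSettings");
    }

    public static string Load()
    {
        string stored = ConfigurationManager.AppSettings[Key];
        if (string.IsNullOrEmpty(stored))
            throw new ConfigurationErrorsException("No protected SMTP password; run with --set-password first.");
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                Convert.FromBase64String(stored), Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (Exception ex) when (ex is CryptographicException || ex is FormatException)
        {
            // Wrong Windows account, file copied to another machine, or an edited value.
            throw new ConfigurationErrorsException("Stored SMTP password cannot be decrypted.", ex);
        }
    }

    static void Main(string[] args)
    {
        // Read the password interactively so it never appears on the command line.
        if (args.Length == 1 && args[0] == "--set-password") { Console.Write("SMTP password: "); Save(Console.ReadLine()); return; }
        var credentials = new System.Net.NetworkCredential("email@gmail.com", Load());
        Console.WriteLine("Loaded SMTP credentials for " + credentials.UserName);
    }
}
```

With `DataProtectionScope.CurrentUser` the value decrypts only under the Windows account that saved it, so the one-time save has to run as the account the notification job uses. Any other code running as that account can decrypt it as well, so this protects the file at rest rather than the account itself.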