SMTP-Password not encrypted

  • Resolved domzu

    (@domzu)


    1 week, 3 days ago

    Hi

    Many Thanks for this great plugin!
    It saves me really a lot of time.

    In the settings for “Email Delivery,” the SMTP password is stored in plain text and only masked/hidden with CSS. Shouldn’t the password be more securely protected, or is there a specific reason to store it in plain text?

    Grettings

Viewing 1 replies (of 1 total)
  • Plugin Author Bowo

    (@qriouslad)

    @domzu great to hear you’re finding ASE useful for your work.

    SMTP password is required as is when connecting to the SMTP server. It should be possible to encrypt it when storing in the DB, but there has to be some function to decrypt it before using it to authenticate with the SMTP server. I’m guessing if someone has the right skill, it’s not that difficult to find the decryption function in the code and use that to get the raw password.

    If ‘exposing’ the SMTP password is a no-no, I suggest using another authentication method, e.g. oAuth, and use another SMTP plugin that supports that method. ASE currently does not have support for such authentication method, but it is something on a list of things to consider for possible, future implementation.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.