Is there anyway to get an email sent without putting the password into the code ?
There are many email api-s that enables to send an email with entering the username and password.
Example
sendEmail("myemail#gmail.com","mypass","subject","msg body");
Is there any way around the problem with hard-coding the password in code ?
You have three options to send email:
You include your email and password into the code and in this case
the application will send emails from this email address.
You can ask user to enter his credentials for his email and in this
case you'll receive a mail from user's address.
You can form an intent in your application that will fill neccessary
fields and call user's email client to send this.
If you want silent way to send email then you should choose 1 or 2. But more secure way is to use the third approach.
You can ask the user password one time and then store it in your internal storage. It may be necessary to add a way to change the password later if preferred. Deciding from documentation, the internal storage is even secure, while it is also possible to use additional encryption. This is how most of E-mail clients work.
Related
I'm experimenting with Cognito but I can't seem to figure out how to get Cognito to send a verification email to a user for them to verify their email address.
This is in my back-end server, where I've received the username, email, and password from a new user. I'm suppressing the message action because I don't want users to receive a temporary password. Instead, I want to set the password to what they've already provided me.
AdminCreateUserRequest adminCreateUserRequest = new AdminCreateUserRequest().withUserPoolId("<user pool ID>")
.withUsername(registerUserRequest.getUsername())
.withUserAttributes(new AttributeType().withName("email")
.withValue(registerUserRequest.getEmail()), new AttributeType().withName("email_verified")
.withValue("false"))
.withMessageAction(MessageActionType.SUPPRESS);
awsCognitoIdentityProvider.adminCreateUser(adminCreateUserRequest);
AdminSetUserPasswordRequest adminSetUserPasswordRequest = new AdminSetUserPasswordRequest().withUserPoolId(<user pool ID>)
.withUsername(registerUserRequest.getUsername())
.withPassword(registerUserRequest.getPassword())
.withPermanent(true);
awsCognitoIdentityProvider.adminSetUserPassword(adminSetUserPasswordRequest);
However, users are never receiving an email to verify their email address. In the user pool configuration, I have "Email" selected under "Which attributes do you want to verify?" and I've verified the email address I'm sending from in SES. Am I missing something here?
If you use AdminCreateUser the account will always be created with a temporary password.
What you actually want is Signup.
I have created an application where I could send a mail with Mail API. Therefore, for that I had to provide the email id and password of the source mailbox.
Refer the code below:
Mail sender = new Mail("sourceEmailID", "sourcePassword");
sender.sendMail("Subject","Body","sourceEmailID", "destinationEmailID");
Now, I dont want to provide the harcoded password inside my source code. Infact I want to convert it into asterisk form or any other secured form.
But the value shouldn't change when calling the original form.
What should I do to for this!
Thanks in advance.
You will need the plain text password in any case while creating Mail Object.
To improve security,
you should:
Encrypt the password and keep it in code/property file/database. Also store the secret key in code/property file/database. Decrypt it at the time of creating Mail object
Use SSL/TLS/https
This should provide you enough security.
I am using amazon SES to send notification emails in my project. When a user replies back to this email I want to trigger some actions (like a ticket creation or update). Is it possible to know the contents or headers of the email for which user is replying ?
If the replying user's email system supports it (most do), you should receive an In-Reply-To: Header containing the message-id of the email you sent. If you kept that message (along with the message id) you can use this to retrieve original email.
Sometimes the Refereces: Header might be useful as well
I have a piece of software I am developing that includes user accounts and login/passwords. For password storage/protection, I am using an asymmetric salt+hash system, and thus, if a user forgets their password, I would like the software to send a password reset link to the user's email address.
My question is this: is it possible to send this email from an address that does not actually exist (like do-not-reply#myproject.com)? Alternatively, is there a way to send it from a real email address but to mask the "from" address and make it appear to the recipient as do-not-reply#myproject.com even if it truly came from myemail#gmail.com?
Yes, you can send the e-mail to appear to come from any address. It is important to recognize that there are two 'from' addresses - the envelope sender is often not displayed to the recipient but indicates the server that is sending the message. The 'from' address is different and is specified in the message headers. As this is what what the recipient sees, it sounds like you simply need to customize your 'from' address header in the message.
Note: Some users will have e-mail servers that require proof that your server is authorized to send e-mail from the domain in the 'from' header. You can do this with an SPF record on the mydomain.com DNS zone file.
In simple word, whenever I will send mail to anyone (within same mail server) it should appears some fake email address i.e. fakemail#gmail.com but, when they reply to this mail, it should come to my actual email address that is realname#gmail.com.
Note: My both email addresses will use same domain name, but only difference will be fake and real username for that email. I needed for the privacy issue. So, that nobody can reply to my mail directly until I send any mail to them.
Ask your mail server administrator to setup an email forwarding for you.
This is not a Java specific question. What you are asking for is called an
Email alias, and is a standard functionality on mail servers.
You can use a fake "from:" field and a valid "reply-to:" field, but the only people that will be fooled by this are people who would not know how to send spam anyway.
Even if you can (see below) mask the From field, you are giving away your email address in the Reply-To field, so you are still revealing your email address. (And if you weren't, it wouldn't be possible to reply.) So go with #Anony-Mousse and find a proper solution.
Now, please note that there are two "from" fields: one in the SMTP envelope and another in the message data.
It is quite uncommon for current mail servers to let you fake the SMTP from, though it may be possible if the server is using raw SMTP without authorization.
You are more likely to be allowed to send an email with a custom "From" in the message body (which is the one mail clients display, unless you look att all headers). However, the mail server may require that it matches the user you authenticated as.