I have a window that utilizes the system.net.sendEmail function. This involves using their password which is stored in the database, currently in plaintext.
I want it to work so that instead of having the passwords stored in plaintext, they are encrypted, and I am sending an encrypted password to the SMTP.
How can I make this work? Specifically, what do I need to ask of the administrator of this SMTP server to make this work? I am not sure what technical terms would make make it clear to the administrator what I am asking and what steps I need to do on my end as well.
You’ll have to store and retrieve the password from the database yourself somehow (and do the encryption / decryption). The problem is you’ll need a key ready to use every time you call the sendEmail function to encrypt/decrypt the password with, and you have to store this key somewhere as well. At best you’ll just be obscuring the password in the database.
You can ask the admin to enable SSL/TLS for the mail server, if it’s not already enabled. That will secure the password in transport.
Just encrypting the database and keeping the key elsewhere is at least half the work. You might want to use a gateway script to do all of the decryption, with system.util.sendRequestAsync()
, so that a client can never be sent the keys or the exact algorithm. You can probably go down the rabbit hole of ways to obscure the key, but if anyone else has access to edit scripts in the designer, there’s no way to protect it. You can only trust your devs and keep that power restricted.