Good day.

Tell me how to organize secure storage of a password from SMTP, so that neither in app.config? Nor when you run with the help of a à la ILSpy, NET Reflector password is displayed?

Did SecureString, but it is perfectly displayed through the program named above. After running the config via aspnet_regiis, it is no longer possible to use it on another machine without manipulations.

  • In order for the data to be decrypted on another computer, the user must have the encryption key so that he can enter it on that computer. That is, the user, instead of one password (from SMTP), will need to remember another (from a secure storage). And what's the point of storing the password in the configuration file? - Jan 7:09 pm
  • @Arhad so this option did not fit. The program itself is simple. A regular monitor with sending logs by event, ie there is no interface and user interaction, so the option of entering a password does not fit at all - ExzoTikFruiT 7:13
  • And what if you store the password in the user's password storage, which is implemented by the operating system? - eri
  • @eri Is not everyone there can watch passwords? I just don't want to show the password from the box anywhere - ExzoTikFruiT 9:01 pm
  • one
    @ExzoTikFruiT не хочется нигде показывать пароль от ящика Act according to the rule "everything that is on the user's machine can be opened." If you do not want to shine your box anywhere - make a separate web service through which you can send the data you need. - Gennady P

0