net / smtp是否以纯文本发送凭据？

I'm looking at this example. http://golang.org/pkg/net/smtp/#example_PlainAuth

package main

import (
    "log"
    "net/smtp"
)

func main() {
    // Set up authentication information.
    auth := smtp.PlainAuth("", "user@example.com", "password", "mail.example.com")

    to := []string{"recipient@example.net"}
    mesg := []byte("This is the email body.")

    err := smtp.SendMail("mail.example.com:25", auth, "sender@example.org", to, mesg)
    if err != nil {
        log.Fatal(err)
    }
}

Does smtp.PlainAuth send credentials to the mail server in plain text? Is it safe to use net/smtp in the wild?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dswm97353 2015-05-11 00:42
关注
PlainAuth uses the Plain auth mech from RFC 4616, which is the username/password in plain cleartext. Normally when you are using this, encryption will be handled at a lower level, for example you will create a TLS connection. and then use PlainAuth over that. If you are not talking over an encrypted connection, then use of PlainAuth can be risky as if the traffic is intercepted, the user/pass are easy to get.

but if you read, you will see the SendMail function says the following:

SendMail connects to the server at addr, switches to TLS if possible, authenticates with the optional mechanism a if possible, and then sends an email from address from, to addresses to, with message msg.

So it will try to automatically upgrade to TLS where possible for you. So as long as you are using servers that support TLS, you should be relatively safe. The other Auth choice is CramMD5, but server support for this method is generally less common than PlainAuth which most everything supports.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

net / smtp是否以纯文本发送凭据？
2015-05-11 00:22

回答 1 已采纳 PlainAuth uses the Plain auth mech from RFC 4616, which is the username/password in plain cleartex
如何在golang net / smtp.sendmail中定义发件人名称？
2017-09-22 16:48

回答 1 已采纳 You could add it to the msg for example, extending the example from the official docs you could us
GoLang net / smtp sendMail发送给带有加号的收件人
2016-06-17 15:51

回答 1 已采纳 I was able to reproduce this error if and only if I had a semi-colon in the To header within the m
38.DevOps之基于Jenkins实现的CI与CD
2021-07-17 14:23

特洛伊CAR的博客 4.5.1 配置构建后操作 4.5.2 验证构建后操作 4.6 jenkins 分布式 4.6.1 配置 slave 节点 java 环境 4.6.2 添加 slave 节点 4.6.3 添加 slave 认证凭据 4.6.4. slave 节点最终信息 4.6.5 jenkins slave 创建日志 ...
如何使用Outlook的SMTP服务器发送电子邮件？
2019-09-04 07:54

回答 2 已采纳 auth := smtp.PlainAuth("", user, pass, server) This is using the authentication method PLAIN.
PHPMailer- Mailer错误：SMTP connect（）失败。 https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting？ php
2017-06-28 11:24

回答 2 已采纳 You must to have installed php_openssl.dll, if you use wampserver it's pretty easy, search and app
在Codeigniter无法发送电子邮件 - fsockopen（）：无法连接到ssl：//smtp.gmail.com：465（连接被拒绝） php ssl
2016-10-31 09:57

回答 1 已采纳 Connection refused means exactly that the connection to the peer was refused. This is because the
java怎么自动生成统计图_如何自动生成和发送计算机统计信息
2020-09-15 07:19

culiuman3228的博客 java怎么自动生成统计图 It... cd C:\SendEmail cd C:\SendEmail Now we can try sending a test email with the following command: 现在，我们可以尝试使用以下命令发送测试电子邮件： sendEmail -f username@gmail....
无法使用gmail smtp从localhost发送电子邮件？ php
2012-05-18 07:06

回答 2 已采纳 Gmail's SMTP server requires SSL if I recall correctly. Try $this->Email->smtpOptions = ar
[SMTP：无法连接套接字：fsockopen（）：无法连接到ssl：//smtp.gmail.com：465（未知错误）（代码：-1，响应:) php ssl
2018-02-20 00:57

回答 1 已采纳 Obviously it's still the certificate issue. Try using the latest CA certificates extracted from Mo
存储SMTP用户数据加密？ laravel php
2018-07-18 20:15

回答 1 已采纳 Laravel provides the encryption methods via the Crypt facade and is very easy to use: $enc = Cryp
计算机网络——应用层
2023-07-22 01:16

牧鸯人的博客其他记录类型：DNS不仅可以解析域名到IP地址，还可以提供其他类型的记录，如邮件交换记录（MX记录）用于指定邮件服务器，别名记录（CNAME记录）用于指向另一个域名，文本记录（TXT记录）用于存储任意文本信息等。...
Golang的smtp客户端的自定义拨号程序？
2018-08-15 09:21

回答 1 已采纳 You are using port 465 which expects TLS from start (implicit TLS) and not the usual TLS after STA
Apache NiFi系统管理员指南 [ 三 ]
2019-03-20 16:04

张伯毅的博客不过，要记住的重要一点是ZooKeeper会以纯文本传递密码。这意味着不应使用用户名和密码，除非ZooKeeper在localhost上作为单实例集群运行，或者与ZooKeeper的通信仅在加密通信（例如VPN或SSL连接）上发生。ZooKeeper...
Web安全攻防渗透测试实战指南笔记三
2022-04-05 22:00

Ren59421的博客判断是否存在注入假设目标注入点是http://192.168.1.104/sql1/Less-1/?id=11，判断其是否存在注入的命令如下所示。 Sqlmap.py -u http://129.168.1.104/sql1/Less-1/?id=1 当注入点后面的参数大于等于两个小时，...
没有解决我的问题, 去提问

悬赏问题

¥15 delta降尺度计算的一些细节，有偿
¥15 Arduino红外遥控代码有问题
¥15 数值计算离散正交多项式
¥30 数值计算均差系数编程
¥15 redis-full-check比较两个集群的数据出错
¥15 Matlab编程问题
¥15 训练的多模态特征融合模型准确度很低怎么办
¥15 kylin启动报错log4j类冲突
¥15 超声波模块测距控制点灯，灯的闪烁很不稳定，经过调试发现测的距离偏大
¥15 import arcpy出现importing _arcgisscripting 找不到相关程序

net / smtp是否以纯文本发送凭据？

1条回答 默认 最新

悬赏问题

1条回答默认最新