Hi
I am new to Go and I have a go program to send email similar
to https://golang.org/pkg/net/smtp/#example_SendMail below:
func main() {
// Set up authentication information.
auth := smtp.PlainAuth("", "u...@example.com", "password", "example.com")
//<====plaintext password here
// Connect to the server, authenticate, set the sender and recipient,
// and send the email all in one step.
to := []string{"recipi...@example.net"}
msg := []byte("To: recipi...@example.net\r\n" +
"Subject: discount Gophers!\r\n" +
"\r\n" +
"This is the email body.\r\n")
err := smtp.SendMail("mail.example.com:587", auth, "u...@example.com", to,
msg)
if err != nil {
log.Fatal(err)
}
}
this go program runs on a little PC that could be shipped to users, and
the little PC would be beyond my control. I read through the Internet and
pretty much everyone says it is bad idea to put plaintext password in
applications even in compiled binary. this link
http://manoharvanga.com/hackme/ "Deconstructing an ELF file" even describe
details on how to reverse engineering the binary and reveal the password.
so if storing plaintext password in compiled go binary is bad idea, is
there anyway to go around in my go net/smtp scenario ? I looked bcrypt but
not sure how to apply bcrypt in this situation, storing hashed password in
the program? any suggestions is welcome! thanks!
Note I don't need military grade security, but secure enough to defer the
most attempt to steal the email password
Thanks
Vincent
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
