On Wednesday, 26 October 2016 16:02:37 UTC-7, vincen...@gmail.com wrote: > > Hi > > I am new to Go and I have a go program to send email similar to > https://golang.org/pkg/net/smtp/#example_SendMail below: > > > > func main() { > // Set up authentication information. > auth := smtp.PlainAuth("", "us...@example.com <javascript:>", "password", > "example.com") //<====plaintext password here > > // Connect to the server, authenticate, set the sender and recipient, > // and send the email all in one step. > to := []string{"reci...@example.net <javascript:>"} > msg := []byte("To: reci...@example.net <javascript:>\r\n" + > "Subject: discount Gophers!\r\n" + > "\r\n" + > "This is the email body.\r\n") > err := smtp.SendMail("mail.example.com:587", auth, "us...@example.com > <javascript:>", to, msg) > if err != nil { > log.Fatal(err) > } > } > > this go program runs on a little PC that could be shipped to users, and > the little PC would be beyond my control. I read through the Internet and > pretty much everyone says it is bad idea to put plaintext password in > applications even in compiled binary. this link > http://manoharvanga.com/hackme/ "Deconstructing an ELF file" even > describe details on how to reverse engineering the binary and reveal the > password. > > so if storing plaintext password in compiled go binary is bad idea, is > there anyway to go around in my go net/smtp scenario ? I looked bcrypt but > not sure how to apply bcrypt in this situation, storing hashed password in > the program? any suggestions is welcome! thanks! >
tl;dr; there is no secure way to embed a password inside an executable. It depends what do you want to keep protected or why do you need to hide the password in the first place? What is the purpose of the program? If you just need to protect the email account, set up a server that accepts a https+POST request and sends the email. That computer would be under your control and you can store the password there. + Egon -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
