Password security

[NG]

What options does Pony have to protect against a third party seeing
our password when we send email? For example, in the following
excerpt:

Pony.mail(:to => 'y...@example.com', :via => :smtp, :via_options => {
:address => 'smtp.gmail.com',
:port => '587',
:enable_starttls_auto => true,
:user_name => 'user',
:password => 'MY PASSWORD',
:authentication => :plain, # :plain, :login, :cram_md5, no
auth by default
:domain => "localhost.localdomain" # the HELO domain
provided by the client to the server
})

Can hackers see the password "MY PASSWORD"?
Thanks!
NG

[Ben Prew]

You're using TLS ( :enable_starttls_auto => true ) so the password
would be sent encrypted. Is that what you mean? Or do you mean if
the hackers had access to the source code itself?

--
--Ben

[Terry Lewis]

So super zombie thread resurrection, but I basically had the same question. How to obscure the password in the actual file itself, such that even if someone got access to the source they could not get it? Or is that even something to really worry about? I would be hosting the app on a VPS on Linode or something similar.

Thanks,

Terry.

[Ben Prew]

Terry,

Typically configuration values like this are stored in a config file or as environment variables.  See http://12factor.net/ for more info about writing scalable web apps.

--
 
---
You received this message because you are subscribed to the Google Groups "Ponyrb" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ponyrb+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Terry Lewis]

Cool, thanks for the quick reply.