Why is authentication: "plain" the default value for ActionMailer in Rails (with Gmail SMTP)?

I have been reading about ActionMailer for Rails. My question is about the default settings as described here:

config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :domain               => 'baci.lindsaar.net',
  :user_name            => '<username>',
  :password             => '<password>',
  :authentication       => 'plain',
  :enable_starttls_auto => true
}

Now, having read the API here, it says that:

":authentication - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of :plain (will send the password in the clear)."

So my question is: does it send the password in clear text? It's hard for me to believe that this is happening, but I don't see the documentation saying that it encrypts it. Is it somehow connected with the line :enable_starttls_auto => true? Let me know where my error is, as well as how to guarantee a secure connection (if this happens during encryption).

As always, references and links to documentation are welcome :)

Thanks in advance.

+4
1 answer

Derek Hill wrote a good answer to this question here: What is "plain" authentication_type in an email program?

But I found this question more easily in Google, so reposting.

According to this article, "although the PLAIN keyword is used, the username and password are not sent as plain text over the Internet - they are always encoded with BASE64.

However, one drawback using the PLAIN authentication mechanism is that the username and password can be decoded quite simply if someone controls the SMTP connection. To get better security, you can use the authentication mechanism named CRAM-MD5 instead."

+4
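
The point the question and answer turn on, as an added example that is not part of the original posts: the Base64 blob sent by AUTH PLAIN decodes straight back to the password, so the protection has to come from TLS on the connection. The helper names and sample credentials are constructed for illustration; the setting keys :tls, :ssl, :enable_starttls and :enable_starttls_auto are ActionMailer smtp_settings options, and the classification below is a simplified reading of them.

```ruby
# AUTH PLAIN initial response (RFC 4616): authzid NUL authcid NUL passwd, Base64-encoded.
def plain_initial_response(user, password)
  ["\0#{user}\0#{password}"].pack("m0")
end

# What anyone able to read the SMTP session recovers from that blob: no key is needed.
def decode_plain(blob)
  _authzid, user, password = blob.unpack1("m0").force_encoding("UTF-8").split("\0", 3)
  { user: user, password: password }
end

# Classify how an smtp_settings hash protects credentials in transit (simplified):
#   :required      - TLS is mandatory (:tls / :ssl / :enable_starttls)
#   :opportunistic - STARTTLS is used only if the server advertises it
#   :none          - AUTH travels over an unencrypted connection
def transport_protection(settings)
  return :required if settings[:tls] || settings[:ssl] || settings[:enable_starttls]
  # :enable_starttls_auto is treated as on when absent, its documented default.
  return :opportunistic if settings.fetch(:enable_starttls_auto, true)
  :none
end

REVERSIBLE_AUTH = %w[plain login].freeze # both only Base64-encode the password

# Return findings for a settings hash; an empty list means nothing was flagged.
def audit_smtp_settings(settings)
  auth = settings[:authentication].to_s
  protection = transport_protection(settings)
  return [] unless REVERSIBLE_AUTH.include?(auth) && protection != :required
  ["#{auth} auth is reversible Base64 and TLS is #{protection}; require TLS"]
end

# Settings from the question, with constructed credentials.
QUESTION_SETTINGS = {
  address: "smtp.gmail.com", port: 587, domain: "baci.lindsaar.net",
  user_name: "user", password: "pass",
  authentication: "plain", enable_starttls_auto: true
}.freeze

# Same settings with STARTTLS made mandatory instead of opportunistic.
HARDENED_SETTINGS = QUESTION_SETTINGS.merge(enable_starttls: true).freeze

if __FILE__ == $PROGRAM_NAME
  blob = plain_initial_response("user", "pass")
  puts "on the wire: AUTH PLAIN #{blob}"
  puts "decoded:     #{decode_plain(blob)}"
  puts "question:    #{audit_smtp_settings(QUESTION_SETTINGS).inspect}"
  puts "hardened:    #{audit_smtp_settings(HARDENED_SETTINGS).inspect}"
end
```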

Source: https://habr.com/ru/post/1487906/

