koobas.hobune.stream
Sending email safely
So I've been using the code below
//Start sending the email
MailMessage mail = new MailMessage();
//My email
mail.From = new MailAddress("MyEmail");
//Their Email
mail.To.Add(email);
mail.Subject = "SecureCode Do not respond";
randomValueCheck = UnityEngine.Random.Range(1000,10000);
mail.Body = "Your secure code is: "+ randomValueCheck +". Please enter this into the app and do not respond to this email.";
SmtpClient smtpServer = new SmtpClient();
smtpServer.Host = "smtp.gmail.com";
smtpServer.Port = 587;
smtpServer.DeliveryMethod = SmtpDeliveryMethod.Network;
smtpServer.Credentials = new NetworkCredential("MyEmail", "MyPassword") as ICredentialsByHost;
smtpServer.EnableSsl = true;
ServicePointManager.ServerCertificateValidationCallback =
delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{ return true; };
smtpServer.Send(mail);
Now the interesting thing was that google blocked the app from logging in to my email. What I'm basically trying to do is ensure that the email (User Email) exists by sending them a random number, but I'm using my email to send that code.
Is it OK to use my email considering the fact the password is in the code and it can be reverse engineered? Is there a better way to do it?
Extra Info: After they enter the code, all of their details gets sent to a php script and put into a database.
So back to my question, is this safe and is there a better way to do it? Please ask questions if you are confused
Edit: I'm thinking it may be better to have the php script send the email. Would this be better?
First of all, I would question the need to verify a users email - isn't that more or less the users responsibility when creating an account with you? Most larger websites do no verification apart from basic pattern matching.
Which is why I would suggest pattern matching for initial verification. I.e a regex that looks for something@something.something.
If you really (!) need strong verification you could also consider some APIs. Not affiliated btw, there could be better / cheaper options:
Point being - you should not be doing this yourself ;)
Also: As a user I would dislike being sent a random number...
Thank you, I've decided to make a php script handle this ins$$anonymous$$d of unity but I do like your answer and will probably use something similar in the future.
when people say things like, "you should not be doing this yourself" it shows they dont understand what you are doing. so this "answer" is just a non answer...
"$$anonymous$$ost larger websites do no verification" um, are you drunk? Or I assume you work at Apple, which would explain why you dont understand why anyone would want to verify a user's identity...
Hi robotintervention,
I agree that websites do, do verification, and as I said I solved the issue by moving the more secure things to a PHP script, and hence not handled on the client side.
I also agree that some websites let you login without having to verifying your email, and you can verify it later, but you might lose out on some features until you do. So I was happy with that response, as it was the only response at the time and it was also valid to an extent.
