|
-
Dec 21st, 2011, 12:35 AM
#1
Thread Starter
Fanatic Member
email confirmation
how to send email in asp.net just for confirmation for the user registration?
Thanks
-
Dec 21st, 2011, 01:37 AM
#2
Re: email confirmation
I think you have some forums in mind.I'm afraid it doesn't work that way.You will have to do some significant coding work.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Dec 21st, 2011, 04:29 AM
#3
Re: email confirmation
Hello,
Have a look here:
http://www.4guysfromrolla.com/articles/062508-1.aspx
This is part of a 18 part series that details pretty much everything you can do with the ASP.Net Providers:
http://www.4guysfromrolla.com/articles/120705-1.aspx
Gary
-
Dec 22nd, 2011, 06:24 PM
#4
Re: email confirmation
I have 2 problems with this article.
1st)If you create an account and use wizard sendmail then if the mail server doesn't send the mail due to some issue then the user is blocked for life.
2nd)No matter what the article says about the userid you should never give away the userid stored in the SQL server.I'd use a random guid and then after it has served it's purpose, deleted it.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Dec 23rd, 2011, 02:01 AM
#5
Re: email confirmation
Hello,
For the first one, most sites deal with this by allowing the authentication email to be sent again, so you could use a similar approach here.
I don't really see the concern here. The UserId doesn't help anyone in terms of accessing the account information, it is only useful in server side code.
Gary
-
Dec 23rd, 2011, 03:06 AM
#6
Re: email confirmation
For the email i had a personal experience with the sending and i can definitely say there could be a problem.
For the user id.Yes ok if someone believes that no one will never bypass any security and that a hacker will never run a simple select on a user id then it's fine.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Dec 23rd, 2011, 03:17 AM
#7
Re: email confirmation
I can see what you are getting at, but there are lots of things that would have to fail before this would be a problem, and at that point, it wouldn't just be the user database that would be at risk.
For instance, the UserId is being sent to a single email address, so any hacker would need access to that email address. They would then need to identify a SQL Injection vulnerability on the site, which no one here would have as everyone uses parameters (see the link in my signature). Or they would need to have hacked into your ISP and gained access to your database, which again wouldn't happen as everyone here uses very strong passwords, right? 
Gary
-
Dec 23rd, 2011, 03:26 AM
#8
Re: email confirmation
Yes,well,riiight.As a package delivery company i am doing business with that used sa, admin 
There are other way to hack to sql and bypass the parameters (one is ports) but this is not for conversation here.
Edit:Also show it does " e.Message.Body = e.Message.Body.Replace" on wizard.Is this rendered on viewstate?If so it's troublesome.Never used the user wizard,so.
Last edited by sapator; Dec 23rd, 2011 at 03:32 AM.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|