View Full Version : hiding CDOSYS authentication info

02-12-2007, 08:39 PM
I am a librarian who started my new job seven months ago, knowing only HTML and CSS.... Since starting, I've been picking up ASP on my own. I have had to change all our forms from CDONTS to CDOSYS, and it is functioning properly when I test it. (The code is below; I changed email addresses and the server information for security).

My question is, how do I hide the authentication information so no one else can download it from my form and use it to get into our server? Does the CDOSYS code inherently hide that info? I know that when I look at source code running ASP, I can never see that portion of the code. Being self-taught in ASP, I wanted to be sure I was covering all the security bases. Is this fine as it is?

Note that the area to which I am referring should be bold and red in the code below -- that is what I don't want anyone to be able to get to. Thank you so much for your input.

Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).

Const cdoAnonymous = 0 'Do not authenticate
Const cdoBasic = 1 'basic (clear-text) authentication
Const cdoNTLM = 2 'NTLM

Dim StrFromEmail ' Added Code to allow form with blank email to be sent
if Len(strEmail) = 0 then
strFromEmail = "form@myemail.org"
strFromEmail = request.Form("Email")
end if

Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "Subject goes here"
objMessage.From = strFromEmail
objMessage.To = "MyEmail@myemail.org"
objMessage.TextBody = "Patron: " & strName & vbCrLf & vbCrLf & "Address: " & strStreet & vbCrLf & strCity & "," & strState & " " & strZipCode & vbCrLf & vbCrLf & "email: " & strEmail & vbCrLf & vbCrLf & "phone: " & strPhone & vbCrLf & vbCrLf & "> > > > " & vbCrLf & "Request: " & strDescription

'==This section provides the configuration information for the remote SMTP server.

objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "NameOfMyServer.MyServer.org"

'Type of authentication, NONE, Basic (Base64 encoded), NTLM
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic

'Your UserID on the SMTP server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusername") = "???How_Do_I_Hide_This?"

'Your password on the SMTP server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "How_Do_I_Hide_This?"

'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

'Use SSL for the connection (False or True)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False

'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60


'==End remote SMTP server configuration section==


02-13-2007, 03:33 PM
ASP is server-side. It is processed on the server before any output.
This means that people cannot view the source code of the script.

If they can then ASP is not setup correctly.

02-14-2007, 12:57 AM
Thanks for this info! That was my understanding... but since I'm self-taught and new to ASP I wanted to confer with much more knowledgeable people to be safe. Thanks again.

02-15-2007, 12:45 AM
Yes thats correct. People won't be able to view your ASP code.