
Python smtplib security

Tags: python

I was experimenting with an email Python script and was wondering if, when writing a Python-based email script, it is less secure as opposed to when credentials are sent over the internet when logging into a web page? In the following script, are the user and pass in the clear?

import smtplib
from email.mime.text import MIMEText

GMAIL_LOGIN = '[email protected]'
GMAIL_PASSWORD = 'amiexposed?'

def send_email(subject, message, from_addr=GMAIL_LOGIN, to_addr=GMAIL_LOGIN):
    msg = MIMEText(message)
    msg['Subject'] = subject
    msg['From'] = from_addr
    msg['To'] = to_addr

    server = smtplib.SMTP('smtp.gmail.com',587)
    server.ehlo()
    server.starttls()
    server.ehlo()
    server.login(GMAIL_LOGIN,GMAIL_PASSWORD)
    server.sendmail(from_addr, to_addr, msg.as_string())
    server.close()

if __name__ == '__main__':
    send_email('testing email script', 'This is a test message')
Kryptos asked May 22 '13 04:05


1 Answer

That would entirely depend on how the TLS connection is set up. If you are requiring valid certificates (I believe if a certificate which is not trusted is encountered, your startTLS method will throw an exception (I'm not sure, you should verify this)). But considering you are setting up TLS, and sending everything over the TLS connection, everything should be encrypted. This means neither your password, username, nor even your message and addressees will be sent in plain text.

So no, your username and password are not sent in the clear.

Lucas Kauffman answered Sep 22 '22 13:09
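
The answer leaves open whether an untrusted certificate makes starttls() fail. As an added example (not code from the question or the answer), this variant of the script passes an explicit verifying context to starttls() so the outcome does not depend on library defaults, and it only calls login() after the TLS upgrade has succeeded. The environment variable names SMTP_LOGIN and SMTP_PASSWORD and the smtp_factory parameter are assumptions made for illustration.

```python
import os
import smtplib
import ssl
from email.mime.text import MIMEText


def verified_context():
    """TLS context that checks the certificate chain and the host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_email(subject, body, login, password, to_addr,
               host="smtp.gmail.com", port=587, smtp_factory=smtplib.SMTP):
    # smtp_factory is a hypothetical hook so the flow can be exercised
    # against a stand-in server object without network access.
    msg = MIMEText(body)
    msg["Subject"] = subject
    msg["From"] = login
    msg["To"] = to_addr

    with smtp_factory(host, port, timeout=30) as server:
        server.ehlo()
        # starttls() raises if the server does not offer STARTTLS or if the
        # handshake or certificate check fails, so login() below is never
        # reached on an unencrypted or unauthenticated channel.
        server.starttls(context=verified_context())
        server.ehlo()  # re-read the capabilities over the encrypted channel
        server.login(login, password)
        server.sendmail(login, [to_addr], msg.as_string())
    return msg


if __name__ == "__main__":
    # Credentials come from the environment (assumed variable names)
    # instead of being hard-coded in the source file.
    user = os.environ["SMTP_LOGIN"]
    send_email("testing email script", "This is a test message",
               user, os.environ["SMTP_PASSWORD"], user)
```
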