为什么进行身份验证:' plain' Rails中的actionmailer的默认设置(使用gmail smtp)? [英] why is authentication: 'plain' the default setting for actionmailer in rails (with gmail smtp)?

问题描述

我正在阅读actionmailer中的rails.我的问题是有关此处所述的默认设置:

I am reading up on actionmailer for rails. My question is about the default settings as described here:

config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  :address              => "smtp.gmail.com",
  :port                 => 587,
  :domain               => 'baci.lindsaar.net',
  :user_name            => '<username>',
  :password             => '<password>',
  :authentication       => 'plain',
  :enable_starttls_auto => true  }

现在从此处读取，它表示:

:authentication-如果您的邮件服务器需要身份验证，则需要在此处指定身份验证类型.这是一个符号，是:plain之一(将以明文形式发送密码)"

":authentication - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of :plain (will send the password in the clear)"

所以我的问题是，这是否以明文形式发送密码?我很难相信它能做到这一点，但是我在文档中看不到它对它进行加密的地方，这与以下行有关::enable_starttls_auto => true吗?让我知道我的错误在哪里，enablestarttls也如何保证安全的连接(如果这是加密的来源)?

so my question is, does this send the password as plaintext? I find it hard to believe that it does but I can't see in the documentation where it says it encrypts it, is it something to do with the line: :enable_starttls_auto => true ? let me know where my mistake is, also how does the enablestarttls guarantee a secure connection (if this is where the encryption comes in)?

一如既往地欢迎并鼓励与文档/参考文献的链接:)

as always links to documentation/references are appreciated and encouraged :)

提前谢谢.

推荐答案

德里克·希尔(Derek Hill)在这里对这个问题做出了很好的回答:

Derek Hill wrote a nice response to this question here: What is the "plain" authentication_type in mailer?

但是我在Google上更容易找到这个问题，所以重新发布.

But I found this question more easily on google, so reposting.

根据本文'尽管使用了关键字使用PLAIN，用户名和密码不会以纯文本格式通过Internet发送-它们始终是BASE64编码的'

"According to this article 'although the keyword PLAIN is used, the username and password are not sent as plain text over the Internet - they are always BASE64 encoded'

但是，'使用PLAIN身份验证机制的一个缺点是，如果有人监视SMTP通信，则可以非常容易地解码用户名和密码.为了获得更高的安全性，可以使用名称为CRAM-MD5的身份验证机制代替.'"

However 'One drawback using the PLAIN authentication mechanism is that the username and password can be decoded quite easy if somebody monitors the SMTP communication. To obtain higher security an authentication mechanism with the name CRAM-MD5 can be used instead.'"

这篇关于为什么进行身份验证:' plain' Rails中的actionmailer的默认设置(使用gmail smtp)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！