使PHPmailer成为“更安全的应用程序”为Gmail [英] Make PHPmailer a "more secure app" for Gmail
问题描述
我们可以在PHPmailer中实现哪些安全性,使其成为Gmail更安全的应用程序? https://support.google.com/accounts/answer/6010255
我正在使用PHPmailer通过Gmail发送电子邮件。 PS:我不想在此处启用访问安全性较低的应用程序: https:// www .google.com / settings / security / lesssecureapps ,我希望让应用程序更安全。 解决方案
已开始实施一种新的身份验证机制,将SMTP身份验证替换为基于OAuth2的授权。有关其更改的文档可以在此处找到。
这并不能真正提高安全性,因为最终您仍然需要通过SSL提交用户名和密码(谷歌认为不安全的机制)以进行身份验证以获取OAuth令牌,这与安全性完全一样作为现有的SMTP认证系统。
到目前为止,PHPMailer并不支持这种新机制 - PR欢迎!您将需要一个OAuth2类,例如这一个,也许使用这个代码示例。
与此同时,您必须为不太安全的应用启用访问权限,并且您应该设置 SMTPSecure ='tls'和 Port = 587 并使用普通身份验证连接使用PHPMailer。
< h1>更新
自版本5.2.11开始,PHPMailer支持Gmail的XOAUTH2身份验证。请参阅本指南。它在6.0版本中得到了扩展,以支持其他服务。
What security can we implement in PHPmailer to make it a more secure app for Gmail? https://support.google.com/accounts/answer/6010255 I am using PHPmailer to send emails via Gmail. PS: I don't want to enable "access for less secure apps" here: https://www.google.com/settings/security/lesssecureapps, I want to make the app more secure.
Gmail has started imposing a new authentication mechanism that substitutes SMTP athentication for OAuth2-based authorisation. The docs on their changes can be found here.
This doens't really improve security much because ultimately you still need to submit your username and password over SSL at some point (the very mechanism that google deems insecure) to authenticate to get an OAuth token, which is exactly as secure as existing SMTP auth systems.
As yet, PHPMailer does not support this new mechanism - PRs welcome! You will need an OAuth2 class, such as this one, and perhaps make use of this code example.
In the mean time, you do have to "enable access for less secure apps", and you should set SMTPSecure = 'tls' and Port = 587 and use normal auth to connect using PHPMailer.
Update
PHPMailer supports Gmail's XOAUTH2 authentication as of version 5.2.11. See this guide. It's being expanded in version 6.0 to support other services too.
这篇关于使PHPmailer成为“更安全的应用程序”为Gmail的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
