locked
Is storing SMTP details in Session object (IP, username, password) secure? RRS feed

  • Question

  • User-745958333 posted

    Hi.

    I've written a tool for multiple companies to use.  Rather than it send emails from my SMTP server (support@mydomain.com) I want to let them use their own SMTP server (support@theirdomain.com) to send emails from.  I can store these settings in a SQL database.  My question is:

    I can retrieve them once at login, and store them in a session object which they can use each time they send an email.  Is this secure?

    Or

    I could read the settings from the database each time they send an email (perhaps not as efficient?).

    Thanks for any advice.

    Tuesday, June 24, 2014 4:45 PM

Answers

  • User-821857111 posted

    Think about it this way - if you have 5000 users who don't send an email, you will have retrieved the data unnecessarily and stored it in server RAM for no good reason if you use session.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 25, 2014 2:16 AM

All replies

  • User-821857111 posted

    I would retrieve them from the database. If doing so created a performance problem, you have bigger worries to manage.

    Tuesday, June 24, 2014 4:55 PM
  • User-745958333 posted
    Yeah fair enough. I'm just thinking about scalability, and if one day I have 5000 users reading from a database each time they send an email. Like you refer to, a quick database query shouldn't be too intensive so I'll go for that option. Thanks.
    Tuesday, June 24, 2014 6:47 PM
  • User-821857111 posted

    Think about it this way - if you have 5000 users who don't send an email, you will have retrieved the data unnecessarily and stored it in server RAM for no good reason if you use session.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 25, 2014 2:16 AM
  • User-745958333 posted
    Yeah, good point Mike...
    Wednesday, June 25, 2014 2:31 AM