Last post Oct 26, 2014 07:20 PM by GiftedProgrammer
Aug 13, 2014 04:28 AM|pulsmartin|LINK
In my project I receive Emails with xml attachments, I read these attachments and insert relevant information into the DB.
Which security precautions have to be taken care of - when reading the attaachments.
I do only read the xml attachments received from a specific address- but this can also be forged, no?
Aug 14, 2014 04:41 AM|George Hua - MSFT|LINK
It depends on how you read attachments and what the email is (Outlook, Gmail etc).
I don't know why you need to forge these attachments, as far as I know, if you are using Outlook, you can download this attachment, change its content and upload to this Email again.
Here are some resource for your reference:
Get attachment from my
email by c#?
Fetching emails pagewise using Pop3Client in asp.net c# ajax
Read Gmail Inbox Message in ASP.NET
Hope this helps.
Aug 18, 2014 05:49 AM|pulsmartin|LINK
I think my question was misunderstood.
In my project I download Emails with a third party tool - openpop.
I download the attachments and read them.
Could there be any security issues when I read the attachments in my project?
I do make sure to only read attachments that come from certain email-adresses, that I trust. But email-adresses can be forged, so that is not enough security.
Is my question clearer now?
Aug 20, 2014 06:02 AM|George Hua - MSFT|LINK
It seems the issue is more related to the third part tool since you are working with this tool and Emails.
You could consult the developers or support team of this tool if possible.
Oct 26, 2014 07:20 PM|GiftedProgrammer|LINK
It seems to me like your only concern is SQL injection attacks. Just make sure you aren't processing the values that you are receiving with T-SQL. You want to convert all data types, like int, or byte, and then insert into your DB.