Question Is having my email password in sourcecode dangerous?

[12padams]

I am making a game with vb.net that occasionally sends me stats of peoples progress within the game by email. My email password is within the code but invisible to the end user. The gmail account is linked to a youtube account that I intend to upload videos to showing progress of my development of the game.

My youtube and email account aren't at risk by having my password within the code are they?

 

[jmcilhinney]

Your source code can be viewed by decompiling your assembly. There are steps you can take to make reading that source code more difficult and good obfuscation can encrypt strings but it's not a great idea to store stuff like that in source code.

 

[12padams]

Well how are you supposed send emails without source code?

 

[jmcilhinney]

Noone said anything about not having source code. The implication was that you don't put anything in the source code that you don't want people to see. That means storing sensitive data like passwords in an external file and encrypting it. You might like to check this out as an example:

Protected Configuration (Encrypting Config Files)

 

[12padams]

Ok thanks

I have set the account up so if it gets hacked it's no biggy. It's just an email used soley for gaining statistics from this game and is completely separate from my personal email. If I do get issues in future I'll follow this tutorial.

Thanks for your help!

 

[jmcilhinney]

What if someone gets hold of that password, logs in and changes it? Will your application still work or will everyone start getting errors? Make sure that you can handle a failed login successfully, although that's something that you should already be doing anyway.

 

[munkyeetr]

I am not sure I understand this ...

If the game sends you stats by email, then you just need the email address in the source, no? Why would you need the password embedded in the game?