Main target is to implement instant annonymous e-mail sending from web by client side script. Don't know if it`s event possible, but maybe you know some workarounds, or maybe some e-mail providers allow to send annonymous e-mails by posting data or have some API for that..
Found how to send mail to gmail by javascript, but problem is you need to have gmail account..
Thanks!
You could have a server-side script set up to watch for HTTP requests that contain a special key or API that would send an email based on hard-coded parameters, or parameters the request contain. On the client-side, you would just set up an AJAX request to call this server-side script. You could use Perl, PHP, Python, etc. to accomplish this.
Related
I've been tasked with creating an LDAP authentication on a front-end Javascript application.
I am extremely limited on time and have a very small toolset. The toolset is the front-end javascript application and an available C# application which I can make post and get requests to.
I was thinking I could simply make a call such as https://mybackend.com/authenticate
Where I would post a username and password.
And on the backend this would return whether or not the user was valid in the AD. Which I can then use on the front-end to ensure the user has logged in.
Is this approach extremely unsecure or does it have flaws? I'm thinking that if I am posting to the backend above not much will be exposed.
Any tips would be immensely helpful.
Is this approach extremely unsecure or does it have flaws?
This is not insecure, it's the normal way you would do it. One could add more security by adding a CSRF token, which would be validated on the server for any form submit.
And yes, you should send all the data over HTTPS, this will encrypt the payload.
What you are doing is normal for front-end JavaScript framework like Angular. As long as you use Https, you should be ok.
Only issue is how you will handle the subsequence page requests.
There are two ways to handle it –
Easiest way is to use ASP.Net MVC as login page, and use Cookie Owin Middleware. Since same cookie is sent back to server on API calls, you do not need to do any extra works. You can download my sample code at GitHub - OwinAuthenticationService.
Another way is to use Bearer Token in which you will have to send the same token back to server on every page request.
All method are insecure.
Especially without HTTPS.
But you can put the Authentications in the header of message and use a token generated with a key that only server know.
I am developping a mobile HTML/CSS/JS app with a contact form.
For now I use a "mailto" to send the message, but it is not efficient because the user is sent to his email app before sending.
How can I send the message directly from the app ?
thanks
Write an application that runs on the server of you website.
If you don't want any server side code then you either need to use any third party Javascript application. (API)
or you can try this also :
Email
1) For third party API you can try this also (Never tried it but looks good enough)
www.mycontactform.com
2) Mail Chimp (as Robert suggested)
You will not be able to do this purely from javascript. You will need a server side component to connect to an SMTP server in order to be able to send your email.
Even if you were able to somehow develop an SMTP client for javascript, the security risks involved would much outweigh the advantages. All your users will need to do to send email as you, is to go through your javascript code and get your SMTP credentials.
You can't do it by client side language. Use server side language like php to do that.
<?php
mail(to,subject,message,headers,parameters);
?>
Copied from w3school
I'm building an interactive javascript application that needs to make some SOAP requests to a 3rd party server. The problem is the server only accepts basic WS-Security authentication, i.e. plaintext username and password. The simplest solution is to hardcode the username and password into the Javascript then make ajax calls, but obviously that is terrible from a security standpoint (someone can easily view the page source)
The only way I can think of to overcome this is to have a second server where the SOAP username and password is stored, say in a PHP file. Then the Javascript application can make a ajax call to the server, then the server runs the logic and authenticates with the SOAP server. Someone could still make ajax calls to the server outside of my page, but at least they couldn't get at the username and password
I'm thinkng there has to be a better solution, but I can't think of anything else, anyone have any other ideas? Thanks
I think that the best solution is to do the logic in the server side, and if you can, try to use ssl. then you make the ajax calls to the file that does the logic in the same server were you are serving the HTML/Javascript code.
I am trying to build an error reporting service for my web page. The idea is simple. If an error pops up in a client browser while visiting, I want an error handler to send me notofication about it. My page is static, so I want to avoid adding server side components for that. Can I use ajax request for example and use a gmail account to send the mail to me? I guess ajax does not do cross domain? Maybe there is some other option?
EDIT
My primary language is Java.
What about Google App engine? I can host an app there that can send email. Not sure how I can interact with that app though?
Other idea - if I must use server side component, maybe the best option is to find ready web application (I have java application server running on my host) that sends mail and deploy it. Then I can contact the mail sender with Ajax.
The best way to do this is the following:
You need to set up a web service that accepts the error information.
The web service will generate the email content and send to gmail.
The client (via ajax) will consume this web service and post the error information.
This way your credentials are secure on your server. If you indicate the development language, we may be able to help with a bit more details.
Bob
If you were to be using GMail then you would:
Be using a server side component (GMail's scripts!)
Have to expose your GMail credentials to every visitor (bad!)
Do cross domain Ajax with a third party service (which requires a pretty recent browser and the cooperation of the third party).
You need your own server side handler for this.
You can, ... theoretically. You do not want to, because you would have to send the authentication information for your e-mail account to the client.
Is there any widget, or similar, that i could use to send an email for me?
Something like i pass a post in some pre-defined way, this server would get it, parse it and send it to some email for me?
More of a curiosity than a valid question itself...
There's the classic formmail, a CGI script from the days of yore, which now seems to have a commercial, hosted version. Most web hosts have formmail or some variation of it installed; check the documentation for your host.
Hardly in a public way, as it would most certainly be misused by spammers within a day or two.
You can set something like it up easily using a scripting language like PHP on an own server.
Yes; it's called a server-side script.
You can do it in a couple of lines of ASP.Net. (See the SmtpClient class)
It's also called an open relay; you'll need some way to prevent it from being used by spammers.
You need server-side scripting for this, using a language such as Perl, PHP, Ruby, Python, any .Net language, or Java.
Typically what happens is that your web page will send a POST message to your web server with the recipients, body, and perhaps attachments of the email as POST parameters.
The server side script will parse the POST parameters and run a SMTP or IMAP session with your mail server to send the mail, and the script will pack the parameters from the POST message into that session with the mail server. This is the same kind of SMTP session that your mail client (e.g. Outlook, Thunderbird, Evolution,...) uses to talk to your mail server (e.g. Exchange, gmail, sympatico.ca,...).
The server side script will then render a web page saying whether or not the mail succeeded.
You need to figure out what your web host offers as a server side scripting language. All of the major server-side languages have libraries that allow you to both parse parameters from POST messages and to run a session with your email server. I have personally used libraries from Perl and Ruby on Rails for both parsing and talking to mail servers, and they were straight-forward to use.