I’m at present engaged on a Unity Asset that entails sending emails utilizing Gmail’s SMTP server. As a part of the setup, builders utilizing the asset are required to enter their electronic mail tackle and the corresponding App Password for authentication.
Lately, I encountered an issue in the course of the submission of my Unity Asset. The rejection motive said that the e-mail credentials weren’t saved securely and will probably be uncovered within the constructed undertaking, violating safety tips (Part 1.5.b: API key storage non-secure).
Here is a abstract of my scenario:
-
My Unity Asset requires electronic mail credentials for SMTP server utilization, particularly the App Password for Gmail.
-
The credentials are at present saved instantly throughout the Unity undertaking, resulting in safety considerations.
-
I tried to achieve out to Unity for steering, however their response advised exploring alternate options with out offering particular options tailor-made to my implementation.
-
I’m searching for recommendation and strategies from the group on how you can securely retailer electronic mail credentials, particularly contemplating the sensitivity of the App Password. I wish to make sure that the credentials are adequately protected to stop unauthorized entry or publicity within the constructed undertaking.
Right here is my Code that’s inflicting the issue:
[Header("Mail Credentialsn")]
//This the place Mail credentials is Initilized/retailer.
[SerializeField] personal string ReceiverMail = "[email protected]";
[SerializeField] personal string SenderMail = "[email protected]";
[SerializeField] personal string appPassword = "SenderMailAppPassword(dfkfjjfkjgmnfk)";
personal async void SendMail()
{
//code.....
mail.From = new MailAddress(SenderMail);
mail.To.Add(ReceiverMail);
//code.....
//That is the place Sender Mail credentials is utilized in whole Code
smtpServer.Credentials = new System.Web.NetworkCredential(SenderMail, appPassword) as ICredentialsByHost;
//code.....
}
How can I greatest remedy this downside?