I am reading up on actionmailer for rails. My question is about the default settings as described here:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "smtp.gmail.com",
:port => 587,
:domain => 'baci.lindsaar.net',
:user_name => '<username>',
:password => '<password>',
:authentication => 'plain',
:enable_starttls_auto => true }
now reading from the API here it says that:
":authentication - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of :plain (will send the password in the clear)"
so my question is, does this send the password as plaintext? I find it hard to believe that it does but I can't see in the documentation where it says it encrypts it, is it something to do with the line: :enable_starttls_auto => true ? let me know where my mistake is, also how does the enablestarttls guarantee a secure connection (if this is where the encryption comes in)?
as always links to documentation/references are appreciated and encouraged :)
thanks in advance.
Derek Hill wrote a nice response to this question here: What is the "plain" authentication_type in mailer?
But I found this question more easily on google, so reposting.
"According to this article 'although the keyword PLAIN is used, the username and password are not sent as plain text over the Internet - they are always BASE64 encoded'
However 'One drawback using the PLAIN authentication mechanism is that the username and password can be decoded quite easy if somebody monitors the SMTP communication. To obtain higher security an authentication mechanism with the name CRAM-MD5 can be used instead.'"