php email smtp gmail smtp-auth

SMTP shows credentials in base64 encoded form


I am using PHPMailer to send emails using my Gmail account. If I hit the PHP file using a REST client, it gives me all kinds of client-server communication data, in which I found that my own Gmail username and password are sent base64 encoded, which can easily be reversed to plaintext by anyone using tools like Burp Suite to intercept. This PHP file is called using AJAX and I get all the info in the response of that PHP file. How can I stop the PHP file from sending this info to the client?

Some of the settings are as follows:

require_once('class.phpmailer.php');
include 'class.smtp.php';

$mail             = new PHPMailer();

$mail->IsSMTP(); // telling the class to use SMTP

$mail->SMTPDebug  = 2;                     // enables SMTP debug information (for testing)
                                          // 1 = errors and messages
                                          // 2 = messages only
$mail->SMTPAuth   = true;                  // enable SMTP authentication
$mail->SMTPSecure = "ssl";                 // sets the prefix to the server
$mail->Host       = "ssl://173.194.67.109";      // sets GMAIL as the SMTP server
$mail->Port       = 465; 

Solution

  • Got it: it was happening because SMTPDebug was set to 2. I commented out that line and the issue is fixed.
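
As an added example (not part of the original question or answer, and not PHPMailer code): a Python regression check that scans an HTTP response body for an SMTP AUTH exchange echoed by debug output, decodes the base64 answers that follow each `334` server challenge, and returns a redacted copy. The line prefixes, credentials and function names are constructed for illustration, and only the challenge/response form of AUTH (as in AUTH LOGIN) is handled.

```python
import base64
import re

CHALLENGE = re.compile(r"\b334\b")  # SMTP AUTH server challenge (RFC 4954)

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def _decode(token):
    """Return the decoded text if token is valid base64, else None."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def scan_response(body):
    """Return (decoded_credentials, redacted_body) for an HTTP response body."""
    findings, out, pending = [], [], False
    for line in body.splitlines():
        parts = line.split()
        if pending and parts:
            # The line after a 334 challenge carries the client's answer.
            decoded = _decode(parts[-1])
            if decoded is not None:
                findings.append(decoded)
                line = line[: line.rfind(parts[-1])] + "[REDACTED]"
        if parts:  # blank lines do not end a pending challenge
            pending = bool(CHALLENGE.search(line))
        out.append(line)
    return findings, "\n".join(out)

# Constructed sample: a debug transcript echoed ahead of the JSON payload.
# Line prefixes and credentials are made up for illustration.
SAMPLE_BODY = "\n".join([
    "CLIENT -> SERVER: AUTH LOGIN",
    "SERVER -> CLIENT: 334 " + _b64("Username:"),
    "CLIENT -> SERVER: " + _b64("user@example.com"),
    "SERVER -> CLIENT: 334 " + _b64("Password:"),
    "CLIENT -> SERVER: " + _b64("not-a-real-password"),
    "SERVER -> CLIENT: 235 2.7.0 Accepted",
    '{"status": "sent"}',
])

if __name__ == "__main__":
    leaked, cleaned = scan_response(SAMPLE_BODY)
    print(f"{len(leaked)} credential value(s) exposed")
    print(cleaned)
```

A non-empty findings list for a production endpoint means debug output is still reaching the client; the redacted copy is only for safe logging of the finding, not a substitute for turning the debug output off.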