Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Pavel Zimin2017-07-18 17:32:27
Python
Pavel Zimin, 2017-07-18 17:32:27

How to set up authentication on yandex mail without using an open password?

There is a script that collects mail from the mailbox using open password transmission

username = '[email protected]'
password = 'password'
ymail = imaplib.IMAP4_SSL('imap.yandex.ru', '993')
ymail.login(username, password)

those. anyone with access to the file can leak the password.
Is it possible to set up closed authentication?
I found a function
ymail.login_cram_md5(username, password)
but I don’t have enough knowledge to set it up and does Yandex mail support it at all? Maybe there are other options?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir Dubrovin, 2017-07-18
@Zimy4

Firstly, your password transmission is not open, it is over SSL, but you can really merge from the file. But no matter what you do - you can still get access to the mail, having access to your script, at least by modifying your own script. Only the master password can be protected. This can be done by enabling two-factor authentication and generating an app password as recommended above. The application password is still the same password, but it can only be used to access mail.
Other authentication methods can also be used. CRAM-MD5 is not supported by Yandex, because it does not store the password as a hash, XOAuth is supported
https://tech.yandex.com/oauth/
here is an example of how to log in to GMail, it should also work for Yandex:
https://stackoverflow.com/questions/5193707/use-im...
but in practice this method will not provide additional security.
If I were you, I would not bother with authentication, but would start a separate "unsafe" box, where I would redirect only those letters that need to be processed on the server, delete messages after parsing by the server and not bother with the security of this box. If such a mailbox is compromised, you can simply create a new mailbox and redirect messages to it.

Report
D
Dimonchik, 2017-07-18
@dimonchik2013

https://yandex.ru/support/passport/authorization/a...

Similar questions
P
petrro2019-10-12 20:02:58
How to pass a for loop to the forEach method without changing anything (or almost nothing) in the code except for the for loop itself? 3Reply
M
michael ivanov2015-07-17 18:01:47
When using wysiwyg editors in django, the text is not formatted properly. What to do? 3Reply
N
Nikita Shchypylov2017-07-18 17:26:44
What is the best file structure for React? 3Reply
P
pipline2019-12-19 23:39:02
Gitlab CI/CD php applications in docker. How to organize? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question