Email account password storage in a Java / MySQL server program

I am in a sticky situation while writing an application that sends emails to clients using my company email account. The problem here is that I must have a password for the account so that the mail service on the server sends emails from this account. I know that passwords should never be stored in plain text, especially those used for important email accounts. The dilemma here is that the program is REQUIRED to have a real text password for sending emails, so it must be available somewhere for the program. The program uses a MySQL database to store information, so I have three options at my disposal:

1) Save the password in the program memory, i.e. a private final String field.

2) A file on the server from which the password can be read

3) Somewhere in the MySQL database.

I would think that 1 is the safest option, but does anyone have any ideas for this kind of situation in order to minimize the risk of getting the password into the wrong hands? Thanks for your advice!

+3
3 answers

Comments indicating that SMTP does not require authentication are correct. However, all three parameters that you specified are unsafe, assuming that the server uses commercial equipment and software. I will show why each of them is unsafe, although I will not follow your original order.

2) A file on the server from which the password can be read

3) Somewhere in the MySQL database.


. , (, Sony PlayStation Network) , . , , , , (HTTP-, ..) , .

1) Save the password in the program memory, i.e. a private final String field.

, , 2 3. -, .class, Java, . , 2 3, javap, .class.


, , HTTP/ , 1 , HTTP/ .


: ", ". , , , . . , , , - . Kerberos KDC ( ), , , , , .

+4

, 2 3. , .


String encodedUrl = URLEncoder.encode(url,"UTF-8"); 

String decodedUrl = URLDecoder.decode(url,"UTF-8");

+1

. MYSQL blob, AES- ; key_string java .

MySQL:

AES_ENCRYPT(str,key_str)

AES_DECRYPT(crypt_str,key_str)


INSERT INTO t VALUES (1,AES_ENCRYPT('password','encryption_key'));

SELECT AES_DECRYPT(password, 'encryption_key') AS unencrypted FROM t;


Alternatively, you can use stored procs to enter and exit keys, or you can encrypt them on the server side and insert / extract after encryption.

+1
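
The alternative named at the end of the answer above, encrypting in the application and storing only the result, as an added example that is not part of the original answer. It uses the JDK's AES-GCM so the key never travels to MySQL inside SQL text, unlike the `AES_ENCRYPT(str,key_str)` calls. The class name, the `SMTP_KEY_B64` environment variable and the sample password are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (not from the page): MySQL only ever sees an opaque BLOB.
public class SmtpSecretBox {
    private static final int IV_LEN = 12, TAG_BITS = 128; // GCM nonce bytes, tag bits
    private final SecretKeySpec key;

    public SmtpSecretBox(byte[] rawKey) {
        if (rawKey.length != 16 && rawKey.length != 32)
            throw new IllegalArgumentException("AES key must be 16 or 32 bytes");
        key = new SecretKeySpec(rawKey, "AES");
    }

    // Returns iv || ciphertext || tag, ready for a BLOB column via setBytes().
    public byte[] seal(byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the blob was altered or the key is wrong.
    public byte[] open(byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: key kept outside the database, base64 in SMTP_KEY_B64 (made-up name).
        String b64 = System.getenv("SMTP_KEY_B64");
        byte[] rawKey = new byte[32];
        if (b64 != null) rawKey = Base64.getDecoder().decode(b64);
        else new SecureRandom().nextBytes(rawKey); // demo only: throwaway key
        SmtpSecretBox box = new SmtpSecretBox(rawKey);
        String sample = "constructed-sample-password"; // constructed value
        byte[] blob = box.seal(sample.getBytes(StandardCharsets.UTF_8));
        String back = new String(box.open(blob), StandardCharsets.UTF_8);
        System.out.println(blob.length + "-byte blob, round trip ok: " + sample.equals(back));
    }
}
```

The key still has to live somewhere the process can read it, so this narrows exposure to the application host rather than removing it: a database dump or a captured query log alone no longer yields the password.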