security - Securely Storing SMTP Credentials in Java EE -

-

I have a Java EE application running on Glassfish 4 / Java 8 (x64). Development is on a Windows machine, but it will eventually be ported to Linux (either Red Hat or Ubuntu). In that application I need to send an email message from an SMTP server for which user authentication is required and I am using JavaMail to make connections and send an email message. These emails are sent from the system during successful user registration, password reset request etc. Users who initiate the action will not be credentials for sending email. Similar email credentials are used for those tasks, and the email account in question is dedicated to this use.

The approach that comes to mind instantly send the email account user name and plain text password to the database or some other data store, or hard code username and plain text password in the Java EE application. There is clearly a clear security risk related to the password of storage.

There are variations on this, where I can hardly store any encrypted version of the password in the database or in the application. At that time, I am searching for a method to store the key to decrypt the password.

What methods exist in Java EE to safely manage such credentials? Am I ready to store it in plain text?

First, you mean "Java EE".

A typical way to do this is to configure a javamail session in the application server as an administered object (in this case glassfish), and look at that session in your application or configure the inject session. The username and password will include this password out of your application, but it will be accessible to all those people who can read GlassFish files on the server. To make it more secure, you can store the password in keystore, by setting a password align with password configuration, and setting a master password for GlassFish to protect Keystore. I'm sure you'll find more details in GlassFish documentation; Sorry, I do not have any links.


Comments

Post a Comment

Popular posts from this blog

java - org.apache.http.ProtocolException: Target host is not specified -

-
I have written a simple httprequest / response code and I am getting this error below: I used to type in my classpath httpclient, httpcore, common -Codecs and general logging. I am very new to Java and I do not know what's going on here. Please help me. code: import org.apache.http.client.HttpClient; Import org.apache.http.client.methods.HttpGet; Import org.apache.http.HttpResponse; Import org.apache.http.impl.client.HttpClientBuilder; Import org.apache.http.Header; Import org.apache.http.HttpHeaders; Public class UnshorteningUrl {public static zero main (string [] args throws exception {HttpGet request = zero; HTTP Client Client = HTTP ClientBuilder.credit (). Build (); Try {Request = New HTTP Gate ("trib.me/1lBFzSi"); HttpResponse httpResponse = client.execute (request); Header [] header = httpResponse.getHeaders (HttpHeaders.LOCATION); // Preconditions.checkState (headers.length == 1); String new url = header [0] .getValue (); System.out.println ("new url...
Read more

java - Gradle dependencies: compile project by relative path -

-
Is it possible to specify a dependency on another gradeal project in the granular (in android studios) outside the current project limits? For example, with a relative path like this: dependence {collection project ('../../ stdlib / dagger'}} MyApp (path / user / foo / workspace / mypad) The app (Path / User / Foo / Workspace / MyPass / App) And I have an Android Library Project with 3 subdomules: stdlib (path is / user / foo / Utilities (Path / User / Foo / Workspace / Stadlib / Utilis) http (Path / User / Foo / Workspace / Stadlib / HT) / Li> What I have to do is compile the Dagger, Util, http module in the MyApp project. The Stidelib Library module under heavy development And MyApp will grow in the form of Growth, so I do not want to push them into a Mewen repository. I am a little change. is likely to add another Gredle projects in some way? I will push the study library into the Maven repository after the source is in search of a temp...
Read more

ruby on rails - Object doesn't support #inspect when used with .include -

-
So I have participated in a glitch error that I do not even know how to debug. I am very new to the railing, so it has kicked my ass well when I use the .includes (school) seen by the student, it gives a blue box error, But when I look at any other model and .includes (school) , the school works just fine. class student & lt; ActiveRecord :: Base has has_many: relationships, foreign_key: "liker_id", dependent :: has_many: matches, foreign_key: "student_1_id", dependent :: deleted belong_to: school belong_to: conference belong_to: would_you_rather belong_to: home city belong_to: year is_to: Major and class school & lt; on the console activatecord :: Affiliate for the base: conference includes: respondent, class: "school", foreign_key: "rival_id" (e.g. For: School) Select SQL generated Select "School". * "School" from "school" "ID" IN (1) error message back NoMethodError: u...
Read more