I am working on a Java program which records data from sensors and sends me the result by email (the computer is far from my office).

    Properties props = new Properties();
    props.put("mail.smtp.host", HOST);
    props.put("mail.smtp.port", "587");
    props.put("mail.smtp.starttls.enable", "true");
    props.put("mail.smtp.ssl.enable", "false");

    Session session = Session.getInstance(props, new javax.mail.Authenticator() {
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(LOGIN, PASSWORD);
        }
    });

So I put my login/password non-encrypted in my code. It works but it is not safe because anyone can uncompress the jar file and find my login/password. What could be the best approach? Even if I use an encrypted external file, I have to provide the key to decrypt the file.

  • Well, I only have a hint, but maybe it will help you. Try to explore the option of using AUTH CRAM-MD5 instead of AUTH PLAIN. Some info can be found here: http://www.samlogic.net/articles/smtp-commands-reference-auth.htm and also here: http://www.fehcom.de/qmail/smtpauth.html – Yoav Gur Jul 12 '16 at 06:59
  • This will probably help even more: http://stackoverflow.com/questions/186827/smtp-with-cram-md5-in-java – Yoav Gur Jul 12 '16 at 07:01
  • On a general note, I don't think you will get perfect security with a remote connection, as a sufficiently determined attacker can get anything that is in your remote sensor. Consider additional server side checks like the IP address of the originator. Also create a user account that is only used for sending the data, and do not use that account for anything else. This account should have the absolute least amount of access to your systems that is required. – Richard Neish Jul 12 '16 at 09:49
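
The following is an added example, not code from the original post or its commenters: it keeps the credentials of a dedicated send-only account (as suggested in the last comment) in a properties file outside the jar, refuses to start if that file is accessible to anyone but its owner, and requires STARTTLS before authenticating. The class name, file path and the `smtp.host`, `smtp.user` and `smtp.password` key names are assumptions chosen for illustration, and the permission check needs a POSIX file system.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;
import javax.mail.*;

public class SensorMailSession {
    // Assumed path and key names (not from the original post); the file lives outside the jar.
    static final Path CRED_FILE = Paths.get("/etc/sensor-mailer/smtp.properties");

    // Reads the credentials, refusing a file that group or others can access (POSIX only).
    static Properties loadCredentials(Path file) throws IOException {
        Set<PosixFilePermission> open = new HashSet<>(Files.getPosixFilePermissions(file));
        open.retainAll(EnumSet.range(PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE));
        if (!open.isEmpty()) {
            throw new IOException(file + " is accessible beyond its owner " + open + "; use chmod 600");
        }
        Properties creds = new Properties();
        try (Reader in = Files.newBufferedReader(file)) {
            creds.load(in);
        }
        for (String key : new String[] {"smtp.host", "smtp.user", "smtp.password"}) {
            if (creds.getProperty(key) == null) throw new IOException("missing key: " + key);
        }
        return creds;
    }

    static Session openSession(Properties creds) {
        Properties props = new Properties();
        props.put("mail.smtp.host", creds.getProperty("smtp.host"));
        props.put("mail.smtp.port", "587");
        props.put("mail.smtp.auth", "true");
        props.put("mail.smtp.starttls.enable", "true");
        props.put("mail.smtp.starttls.required", "true"); // abort rather than authenticate in clear text
        final String user = creds.getProperty("smtp.user");
        final String password = creds.getProperty("smtp.password");
        return Session.getInstance(props, new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(user, password);
            }
        });
    }

    public static void main(String[] args) throws IOException {
        Session session = openSession(loadCredentials(CRED_FILE));
        System.out.println("SMTP session ready for " + session.getProperty("mail.smtp.host"));
    }
}
```

Anyone who can run code as the file's owner or as root on the sensor machine can still read the password, so the account it belongs to should be able to do nothing except send these reports.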

0 Answers