Pass the hashed password to Java Mail API
Good morning everybody,
I am developing ERP for my company using GWT Framework and I am getting the number of unread emails using Java Mail API. I can do this, but the problem is that I store the SHA-512 hashed password on the databases and I would not pass the clear Java Mail API password, but just hashed the password to avoid passing the cleared password over the network.
I am using this code to get the number of unread emails:
private static int getNumberOfUnreadMails() {
int numberOfUnreadMails = 0;
Properties properties = new Properties();
properties.put("mail.imap.host", "myserver.com");
properties.put("mail.imap.user", "developper@myserver.com");
properties.put("mail.imap.socketFactory", 143);
properties.put("mail.imap.socketFactory.class", "java.net.ssl.SSLSocketFactory");
properties.put("mail.imap.port", 143);
Session session = Session.getDefaultInstance(properties, new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("developper@myserver.com", "mypassword");
}
});
Store store;
try {
store = session.getStore("imap");
store.connect();
Folder folder = store.getFolder("Inbox");
numberOfUnreadMails = folder.getUnreadMessageCount();
} catch (Exception e) {
e.printStackTrace();
}
return numberOfUnreadMails;
}
I can also use a different hashing algorithm. If you know the solution to my problem, pounce on it in advance.
PS: Sorry for my poor English, I'm French.
source to share
An unhashed password is required to authenticate your IMAP server. You are probably already using SSL (as you installed mail.imap.socketFactory.class
), so your password is never sent in the inbox.
BTW: The correct way to use IMAP with SSL with javamail is to use the protocol imaps
(and use mail.imaps.*
without using the imap protocol and specifying the SSL factory socket as the socket factory Also usually IMAP with SSL port is 993, not 143.
source to share