This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Security and the fly likes Suggestions on storing mail passwords safely Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Suggestions on storing mail passwords safely" Watch "Suggestions on storing mail passwords safely" New topic
Author

Suggestions on storing mail passwords safely

Karthik Shiraly
Ranch Hand

Joined: Apr 04, 2009
Posts: 475
    
    3
Hi,

A distributable desktop app that uses javamail has to store email account usernames and passwords, so that user doesn't have to login every time (similar to typical email clients like thunderbird and outlook).
What's a good way to store these credentials on user machines?
I'm thinking of using PKI keypair, with a private key generated on installation. But this just shifts the problem to - where to store this private key so that a malicious program can't access it. Probably I should store it in a keystore.

Or should I use something different, like OAuth?

Any suggestions? Or any idea how typical email clients store passwords?

Thanks
Karthik
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Suggestions on storing mail passwords safely
 
Similar Threads
JCE
Regarding: Encryption of Password in Oracle
How encrpyt all files on web server so decryptable by all users' keys?
Where to locate secret key?
Question about text encryption/decryption