I've made a simple mailing app that takes in email credentials and uses them to send emails of certain kinds to selected addresses. Problem is, I've had to input the credentials right into the code, so anyone who uses dex2jar can get the source code and get the email used for forwarding and easily make the app obsolete.
I imagine I'm not the only one facing this issue, so what are some ways to make my code secure?
No matter how good of a technique you use to hide the credentials, if it's in the code then it can always be found.
Instead of hard coding them in, you could perhaps let the user specify them when he starts the app? If that can't be avoided you could instead have a remote service that will do the sending and forward your request to that.
You cannot both connect to an e-mail account and keep those same users out of said e-mail account. Consider using a hosted server as part of the project to securely connect to the e-mail account from the server level and process these e-mails remotely.
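A sketch of the remote-service approach suggested in the answers above, added here as an illustration and not code from any of the posters: the app presents a revocable token and names a mail kind and a recipient, and the server, which alone holds the SMTP login, decides whether to send. The class, the `Sender` hook, the token, the quota and the addresses are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

/** Server-side relay: the SMTP login stays in the server's environment, not in the APK. */
public class MailRelay {
    /** Hypothetical hook; a real one would hand the message to a mail library. */
    interface Sender { void send(String to, String subject, String body); }

    private final Map<String, String> templates; // mail kinds the app may request
    private final Set<String> recipients;        // addresses the app may mail
    private final byte[] token;                  // revocable app token (assumed design)
    private final Sender sender;
    private int remainingQuota;                  // caps abuse of a leaked token

    MailRelay(Map<String, String> templates, Set<String> recipients, String token, int quota, Sender sender) {
        this.templates = templates;
        this.recipients = recipients;
        this.token = token.getBytes(StandardCharsets.UTF_8);
        this.remainingQuota = quota;
        this.sender = sender;
    }

    /** Returns an HTTP-style status; the caller never picks the body or the account. */
    synchronized int handle(String presented, String kind, String to) {
        byte[] p = presented == null ? new byte[0] : presented.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(token, p)) return 401;               // constant-time comparison
        if (kind == null || !templates.containsKey(kind)) return 400;   // unknown mail kind
        if (to == null || !recipients.contains(to)) return 403;         // recipient not on the allowlist
        if (remainingQuota <= 0) return 429;                            // quota spent
        remainingQuota--;
        sender.send(to, kind, templates.get(kind));
        return 202;
    }

    public static void main(String[] args) {
        // Constructed sample values. A deployed Sender would read SMTP_USER and
        // SMTP_PASS (assumed variable names) from the server's environment.
        MailRelay relay = new MailRelay(
                Map.of("receipt", "Your order was received."),
                Set.of("orders@example.com"), "constructed-token", 1,
                (to, subject, body) -> System.out.println("send " + subject + " to " + to));
        System.out.println(relay.handle("constructed-token", "receipt", "orders@example.com"));
        System.out.println(relay.handle("guessed-token", "receipt", "orders@example.com"));
        System.out.println(relay.handle("constructed-token", "receipt", "other@example.net"));
        System.out.println(relay.handle("constructed-token", "receipt", "orders@example.com"));
    }
}
```

A token recovered from a decompiled app can then only request the fixed templates, to the fixed recipients, within the quota, and it can be revoked without changing the mailbox password.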
I'm working on an app that lets users submit orders, and also make custom orders where they upload an image. I then want to receive all this information by email. Initially, I was using JavaMail API with Gmail, but I heard that it can cause a blocking of the account due to "Suspicious Activity". Apparently a way around this is to use the Amazon SES SMTP server, but with that I cannot seem to find any documentation whatsoever on sending emails with attachments for Android (there is one but it's for general Java and it does not work on Android).
There must be a better way to do this, I'm just not sure where to start looking. This is my first dev project (I'm in my 2nd year of computer science), so I'm pretty green with this stuff. If someone could point me in the right direction I would be so grateful. I'm open to learning new things, I'm just not even sure about what I need to learn in the first place for this.
Your email will be blocked if you are sending emails in huge amounts, like hundreds of emails in a second. If you are not sending email in such amounts, don't worry about getting blocked. If you are sending email in such amounts, then you can use an external email service; there are a lot of email marketing services. I hope this might help.
I have had a BIG problem for the past few days. I'm developing an application for a customer and I have an external database on the web. In the program there are a login and some modules. At the moment I store the data for access to the DB hardcoded in the Java code. Of course this is not a way to store that data.
Then I was searching so much to find out a way to connect to the database.
Store the password in a properties (.xml) file on the PC
Encrypt the password
etc.
But none of this is really secure. Then I found something good. "Three-Tier Application Server" sounds really good and a possible way that I don't have to save the data on the PC. But every time I read how a three-tier server works, nowhere does it say how to develop something like this in Java. And is there a possibility that a hacker writes an application that connects to this server too and gets all of the data, because he decompiles the application and gets the access data?
Thanks for help
There are indeed many ways you can go about this.
The best way is to have the authentication checks spread throughout your code to where it would be very hard to remove them.
Have the authentication with SHA256/512 and/or MD5 and have the user send a login request to the server.
Only authenticate the user if the server responds that it is registered.
Do not store any information other than the user's info on the client end.
All the checks should be made and validated on the server side.
You also most definitely want to obfuscate your client-side code as well.
I am developing a chat application for a local environment where our office employees can chat easily. I am getting some conflicts when I try to send messages over IP, because their IPs change dynamically. How can I resolve this?
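A sketch of the server-side check this answer describes, added here as an illustration and not code from the poster: the middle tier verifies the login, issues a random session token, and checks that token on every data request, so a decompiled client contains no database credentials to find. It swaps salted PBKDF2 in for the bare SHA/MD5 hashes the answer mentions; the class name, user name, password and iteration count are assumptions made for the example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Middle tier: clients log in as users; only this process holds the database login. */
public class AuthTier {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, byte[][]> users = new ConcurrentHashMap<>();  // user -> {salt, hash}
    private final Map<String, String> sessions = new ConcurrentHashMap<>(); // token -> user

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    void register(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        users.put(user, new byte[][] {salt, hash(password, salt)});
    }

    /** Returns a random session token, or null when the credentials are wrong. */
    String login(String user, char[] password) throws Exception {
        byte[][] rec = user == null ? null : users.get(user);
        if (rec == null || !MessageDigest.isEqual(rec[1], hash(password, rec[0]))) return null;
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, user);
        return token;
    }

    /** Checked on every request, so a rewritten client cannot skip it. */
    String ordersFor(String token) {
        String user = token == null ? null : sessions.get(token);
        if (user == null) throw new SecurityException("not logged in");
        return "orders of " + user; // a real tier would query the database here
    }

    public static void main(String[] args) throws Exception {
        AuthTier tier = new AuthTier();
        tier.register("alice", "constructed-password".toCharArray());
        String token = tier.login("alice", "constructed-password".toCharArray());
        System.out.println(tier.ordersFor(token));
        System.out.println(tier.login("alice", "guess".toCharArray()));
    }
}
```

A third-party program that talks to this tier still has to log in as some user and receives only what that user's session is allowed to read.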
First of all, I recommend using a well established solution like a local Jabber Server installation and using a client that supports the required features.
If you really want to pull this off on your own, you'll need at least a central controlling point (Server) to abstract Users from their Endpoint.
A configured user would then have to log in to that server to signal they are ready to receive messages. Doing this, you have the momentarily correct IP that you can then use to relay messages or to give to other clients wanting to send to that user. Also consider that users may want to use more than one client (they have 2 PCs?). You probably wouldn't want to bind one user to one client device.
Also note that you will have to create a decent protocol for all this. This can be quite tedious if you want similar features to for example Skype Chat or ICQ, or some derivative of XMPP / Jabber.
This leads me again back to my first suggestion: Better use something that already exists. Installing and configuration of that can already be effort enough. Coding all that by yourself, though will take way more effort.
And I didn't even go into status/statusmessages, groupchats, sending/sharing Files, sending messages while User is away/offline ...
First of all, this is a kinda broad question, and I believe it belongs partially on Serverfault also, so bear with me. I tried googling and searching here, but only found parts of this question but not the whole idea of it. Here goes:
My problem is:
I'm writing a web application, and my server is Java. I want to add a feature where my users can do BY EMAIL some of the possible interactions they can already do on the interface. For this part I believe I need to set up a mail server (any server recommendations?), and from my Java app (Tomcat) connect to the mail server and read the emails via POP3 or something (any API recommendations?).
The tricky part is that I don't want to use a single email address for that purpose. I want, for example, that if my user Joe wants to CREATE an object in my application, then he would send an email to joe#create.mydomain.com, if he would like to DELETE an object, he would send to joe#delete.mydomain.com. The possible actions are previously known and limited, of course (since I would have to mess with the DNS for that purpose). This is just an example, most likely I would have to "tokenize" the left part of the email address (before the #), or else any user would be able to create and delete other user's objects (since email is semi-anonymous).
And the extra-tricky part is that I already have an email server running on mydomain.com, for the corporate emails. How to make that all emails from the actions words ("subdomains"?) go to my "application email server" and those without action words go to my "corporate email server"?
I guess that's it!
Thanks all
Since you're already using Java, it sounds like Apache James might be a good fit for you.
It allows you to create Matchers and Mailets which pick out and process emails based on your defined criteria (which could be address based sender/receiver matching, subject lines, etc). The process could insert records into a database, invoke a web service, anything you want to write in Java.
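One way to do the "tokenize the left part" step raised in the question, added here as an illustration and not code from either poster or from Apache James: the application issues each user an address whose local part carries an HMAC over the user and the action, and whatever processes incoming mail recomputes it before acting. The `user+token@action.mydomain.com` layout, the 10-byte truncation and the key are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Signed recipient addresses of the form user+token@action.mydomain.com. */
public class ActionAddress {
    private static final Set<String> ACTIONS = Set.of("create", "delete");
    private static final String SUFFIX = ".mydomain.com";
    private final SecretKeySpec key;
    ActionAddress(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    /** First 10 bytes of HMAC-SHA256 over "user|action", as lowercase hex. */
    private String token(String user, String action) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal((user + "|" + action).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < 10; i++) hex.append(String.format("%02x", tag[i]));
        return hex.toString();
    }

    String addressFor(String user, String action) throws Exception {
        return user + "+" + token(user, action) + "@" + action + SUFFIX;
    }

    /** Returns "user:action" when the token matches that user and action, else null. */
    String verify(String recipient) throws Exception {
        String addr = recipient.toLowerCase(java.util.Locale.ROOT);
        int plus = addr.indexOf('+'), at = addr.lastIndexOf('@');
        if (plus < 1 || at < plus || !addr.endsWith(SUFFIX)) return null;
        String user = addr.substring(0, plus);
        String action = addr.substring(at + 1, addr.length() - SUFFIX.length());
        if (user.contains("|") || !ACTIONS.contains(action)) return null;
        byte[] presented = addr.substring(plus + 1, at).getBytes(StandardCharsets.UTF_8);
        byte[] expected = token(user, action).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented) ? user + ":" + action : null;
    }

    public static void main(String[] args) throws Exception {
        ActionAddress signer = new ActionAddress("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String create = signer.addressFor("joe", "create");
        System.out.println(create + " -> " + signer.verify(create));
        // The create token must not authorize a delete.
        String moved = create.replace("@create.", "@delete.");
        System.out.println(moved + " -> " + signer.verify(moved));
    }
}
```

The token is fixed per user and action, so anyone who learns the address can reuse it; the check only stops one user from guessing another user's address.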
I have written a nice program in Java that connects to a gmail account and downloads attachments sent to it. Once an attachment has been downloaded, it is marked as read and is not downloaded ever again. This program will have to run in multiple instances with each program downloading unique attachments so that a single attachment is never downloaded twice. The problem is that at the moment if the attachment is of a decent size, one program is still downloading it, when another instance connects and also starts to download the attachment before it has been marked as read.
I have tried checking and setting various flags and checking whether the folder is open, nothing seems to work. Any solutions?
Update: Thank you for the quick answers, sadly IMAP is not an option due to other reasons.
Consider using IMAP instead - it is designed for client-server interaction.
From RFC1939 (Post Office Protocol - Version 3):
"POP3 is not intended to provide extensive manipulation operations of mail on the server; normally, mail is downloaded and then deleted. A more advanced (and complex) protocol, IMAP4, is discussed in RFC1730."
I don't think POP3 is made for multiple simultaneous access.
Ask yourself this: do I really need multiple processes accessing the same mailbox?
If you do, you'll have to find a way to have these processes communicate to each other.
Use a common database or server process to coordinate actions.
IMAP does have more options, but I'm not sure if you can "lock" a single mail to mark it as being processed.
As the others have mentioned, POP3 isn't really intended for this kind of scenario.
If you absolutely have to use POP3, I'd suggest downloading all the e-mail to an intermediate server which sorts the messages and makes them available for each of the other clients.
It sounds like you're just trying to distribute the processing of the e-mails. If that's the case, you can just have each client connect to your intermediate server to retrieve the next available message.
I'm not sure what your constraints are, but you may even want to consider receiving the attachments some other way besides e-mail. If people are uploading files, you could set up a web form that automatically sends each file to the next available instance of your application for processing.
If you need to stay with a POP3 connection, you could keep a local database of previously downloaded message ids. Then new instances could check against that before downloading again. The best solution is just to use IMAP, though, as IMAP is able to set the read/unread flags before downloading.
You could mark the mail as read before starting the download, and then start downloading it.
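A sketch of the coordination the answers above suggest (a shared record of message ids, claimed before the download starts), added here as an illustration and not code from any of the posters. It assumes the instances share a local directory and that each message has a stable id such as the POP3 UIDL value; the class name and the sample ids are constructed.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Claim-before-download: exactly one instance wins each message id. */
public class MessageClaims {
    private final Path claimDir; // directory all instances can reach (assumption)

    MessageClaims(Path claimDir) throws IOException {
        this.claimDir = Files.createDirectories(claimDir);
    }

    /** Atomically records the id; false means another instance already holds it. */
    boolean tryClaim(String messageId) throws IOException {
        // Hex-encode the id so server-supplied text cannot name a path outside claimDir.
        StringBuilder name = new StringBuilder("m");
        for (byte b : messageId.getBytes(StandardCharsets.UTF_8)) name.append(String.format("%02x", b));
        try {
            Files.createFile(claimDir.resolve(name.toString())); // existence check and create are one step
            return true;
        } catch (FileAlreadyExistsException claimedElsewhere) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        MessageClaims claims = new MessageClaims(Files.createTempDirectory("claims"));
        String[] inbox = {"uid-0001", "uid-0002", "uid-0003"}; // constructed message ids
        Runnable instance = () -> {
            for (String id : inbox) {
                try {
                    if (claims.tryClaim(id)) // only the winner goes on to download
                        System.out.println(Thread.currentThread().getName() + " downloads " + id);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            }
        };
        Thread a = new Thread(instance, "instance-A");
        Thread b = new Thread(instance, "instance-B");
        a.start(); b.start();
        a.join(); b.join();
    }
}
```

With instances on different machines, the same claim can be an insert into a shared table with a unique key on the message id.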