• Post Reply Bookmark Topic Watch Topic
  • New Topic

-Dmail.debug option shows Exchange Server User Password  RSS feed

 
swap Inam
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

For any java application using Java Mail API and using "pop3" protocol,
if we give -Dmail.debug JVM option then it shows the password for
the mail server user. The SUN sample programs that we get with the
JavaMail API also shows the password with -Dmail.debug option.

Is this the right behaviour ? Anybody ever came across this before ?
Any comments ? Is there any way to hide the password ?

Thanks
SI
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any way to hide the password ?

Yes: turn off the debug option

Seriously, seeing the password is useful for development or debugging, but for production use, that option should not be sued.
 
swap Inam
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But evenif we don't give option -Dmail.debug, anybody can give that option, suppose we distribute say Z.JAR to customer, which uses JavaMail API with the BAT or SH file to run with command say "java -cp "..." Z.JAR",
anybody with some knowledge of Java and Java Mail API can modify,
this BAT or SH file to read as "java -Dmail.debug=true -cp ".." Z.JAR
and see the password

Isn't it possible ???
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The only password the user would see is his own, which he knows already.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!