
Email servlet security

 
Ben Wood
Ranch Hand
Posts: 342
Anybody got any ideas about how to add some level of security to an email servlet which is being used for sending automated emails from applications? If the servlet is accessible via a URL with the email parameters passed as URL parameters then theoretically, if a user knows the format of the URL, they can use the servlet to send email to/from any address they like - which could be used maliciously. What we need is some kind of encrypted key to be passed as a URL parameter that is then decoded and validated in the servlet. The key would need to change for each email so it can't be copied and pasted, and not be decipherable.
Any ideas on a way to do this? I'm a bit stumped. I thought maybe the date/time could be used as a seed somehow to generate an 'encrypted' string which the servlet would know how to decode.
Or, could the whole URL be encrypted maybe? I don't know much about this sort of stuff :roll:
[ May 07, 2004: Message edited by: Ben Wood ]
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
Assuming you are stuck with an architecture using a request, this email servlet could look at the origin of the request with getRemoteHost / getRemoteAddr and have a list of permitted clients.
I am working with an email servlet that simply serves as a management interface to a Runnable class that picks up email jobs from a designated directory where applications deposit them. There is no way an outside request can generate an email job.
Bill
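
The two ideas in this thread combined, as an added example that is not code from either poster: the list of permitted clients checked against the address from getRemoteAddr, and the per-email key implemented as an HMAC-SHA256 signature (signing rather than encrypting, a swapped-in technique) over the email parameters plus a timestamp and a one-time nonce. The class and method names, the 5-minute window, the field layout and the shared secret are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
// Added example: all names, the window length and the field layout are assumptions.
public class EmailRequestGate {
    private static final long MAX_AGE_MS = 5 * 60 * 1000;  // assumed freshness window
    private final Set<String> allowedAddrs;                 // permitted client IPs
    private final byte[] key;                               // secret shared with the client apps, never sent
    private final Map<String, Long> seenNonces = new ConcurrentHashMap<>();
    public EmailRequestGate(Set<String> allowedAddrs, byte[] key) {
        this.allowedAddrs = allowedAddrs;
        this.key = key.clone();
    }

    // HMAC-SHA256 over every field the caller controls. Each field is
    // length-prefixed so that shifting bytes between fields changes the MAC.
    public byte[] sign(String to, String from, String subject, long ts, String nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (String f : new String[] {to, from, subject, Long.toString(ts), nonce}) {
            byte[] b = f.getBytes(StandardCharsets.UTF_8);
            mac.update((b.length + ":").getBytes(StandardCharsets.UTF_8));
            mac.update(b);
        }
        return mac.doFinal();
    }

    // remoteAddr is the value the servlet reads from request.getRemoteAddr().
    public boolean accept(String remoteAddr, String to, String from, String subject,
                          long ts, String nonce, byte[] sig, long nowMs) throws Exception {
        if (!allowedAddrs.contains(remoteAddr)) return false;       // not a permitted client
        if (Math.abs(nowMs - ts) > MAX_AGE_MS) return false;         // stale or future-dated
        if (!MessageDigest.isEqual(sign(to, from, subject, ts, nonce), sig)) return false; // forged or altered
        seenNonces.values().removeIf(t -> nowMs - t > MAX_AGE_MS);   // forget nonces that can no longer pass
        return seenNonces.putIfAbsent(nonce, ts) == null;            // second use of a nonce is a replay
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values for the demonstration.
        EmailRequestGate g = new EmailRequestGate(Set.of("10.0.0.5"), "demo-key-only".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        byte[] sig = g.sign("ops@example.com", "app@example.com", "Report", now, "n-1");
        System.out.println("first use:  " + g.accept("10.0.0.5", "ops@example.com", "app@example.com", "Report", now, "n-1", sig, now));
        System.out.println("copied URL: " + g.accept("10.0.0.5", "ops@example.com", "app@example.com", "Report", now, "n-1", sig, now));
        System.out.println("new target: " + g.accept("10.0.0.5", "x@example.net", "app@example.com", "Report", now, "n-2", sig, now));
    }
}
```

If the servlet sits behind a reverse proxy, getRemoteAddr returns the proxy's address, so the address check then has to be enforced at the proxy or against an address the proxy is trusted to supply.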
 