I have an application that uses Common Mail (Java Mail). There is this line:
email.setAuthenticator(new DefaultAuthenticator("emailAdress", "password"));
Now I'm hardcoding these parameters, but I want the emailAdress and password to be changeable and read from a database or config file. The application has a method to change the parameters.
My question is: where should I store the parameters? My first option is to store them in a database, but if I store the password hashed, for example with MD5, I can't recover the original one when I need it.
Another option is to store them in a configuration file on the server. If I want to change the email address and the password, I only have to edit the configuration file.
What do you think? Thanks.
The correct answer depends on how paranoid you are about security.
For example, you may want to store the credentials encrypted in a file or database, and only decrypt them at runtime just before you need them. But of course that requires you to decide how to handle the key that encrypts and decrypts the credentials. It can't be turtles all the way down. A more complete answer is beyond the scope of Stack Overflow.