Here is my case: six hardware devices send their data to six email addresses (this part is not under my control). I need to retrieve this data in a command-line application. Since I hear everywhere that storing clear-text passwords in a database or in code is bad practice, I would like to ask a user to enter the password for each email once, and store it hashed in a database. I use SSL to encrypt traffic between my application and the mail server.
Therefore, my question is: with these hashed passwords, how do I use Javax to retrieve emails? With clear text, I can do this:
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("USER","PASSWORD");
}
});
However, judging from the docs, PasswordAuthentication only works with clear text. What do I do with hashed passwords?
You can't. If you could, they would be just as good as a clear text password.
You might want to consider OAuth2 authentication, if your server supports it.