Security issue...

Question

harinath_2007 56 Posting Whiz

12 Years Ago

Hi ,

I developed an application which checks mail(gmail) all the time and alerts me whenever new mail has come. In short its a email notifier or email alerter.

The application uses IMAP protocol .The application opens the connection once and it continously checks whether a new mail has come. My doubt is , since the connection (or port) is opened all the time , is there any chance of security threat. I mean to say , is my connection secured. Is it safe to keep the connection open all the time?

I dont want to open and close the connection every time with short time gaps.
So how far can i rely on this? How to ensure security ? Is security all ready ensured by the protocol?

java

Edited 12 Years Ago by harinath_2007 because: clear explanation

2 Contributors
4 Replies
126 Views
1 Day Discussion Span
Latest Post 12 Years Ago Latest Post by harinath_2007

DavidKroukamp 105 Master Poster

12 Years Ago

Hi ,
I developed an application which checks mail(gmail) all the time and alerts me whenever new mail has come. In short its a email notifier or email alerter.
The application uses IMAP protocol .The application opens the connection once and it continously checks whether a new mail has come. My doubt is , since the connection (or port) is opened all the time , is there any chance of security threat. I mean to say , is my connection secured. Is it safe to keep the connection open all the time?
I dont want to open and close the connection every time with short time gaps.
So how far can i rely on this? How to ensure security ? Is security all ready ensured by the protocol?

It can be considered unsafe, as any application could intercept and read those packets. However if you connect to the IMAP over SSL atleast the connection will be encrypted so data taken from the packets are therefore unreadable for most. see here for an example:http://www.jguru.com/faq/view.jsp?EID=329193 and also this:http://www.javaworld.com/javaworld/javatips/jw-javatip115.html and this:http://stackoverflow.com/questions/61176/getting-mail-from-gmail-into-java-application-using-imap and finally here is how to make certificates that are signed etc for the SSL encryption:http://java.sun.com/products/javamail/javamail-1.4.2/SSLNOTES142.txt

Edited 12 Years Ago by DavidKroukamp because: n/a

harinath_2007 commented: Thanks for reply :) +6

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

harinath_2007 56 Posting Whiz · Answer 1 · 2012-02-01T18:14:39+00:00

Thanks for providing those links. I will definitely look into that.

So even if i use SSL , the data is unreadable but i am worried about the connection too
Since the connection is always open , i.e the gmail account connection is always open , is there any chance of stealing the user name and password (or) the data or the mails.?

Since the port is always open , if anybody scans all the open ports of my system or something similar to that , there may be chance of stealing the password or mails.
So how could i feel secured ? What is the solution?

Thanks

DavidKroukamp 105 Master Poster Team Colleague Featured Poster · Answer 2 · 2012-02-01T18:21:22+00:00

Thanks for providing those links. I will definitely look into that.
So even if i use SSL , the data is unreadable but i am worried about the connection too
Since the connection is always open , i.e the gmail account connection is always open , is there any chance of stealing the user name and password (or) the data or the mails.?
Since the port is always open , if anybody scans all the open ports of my system or something similar to that , there may be chance of stealing the password or mails.
So how could i feel secured ? What is the solution?

Thanks

well with SSL they wouldnt be able to do that, because they can scan the port but all data in this open port is SSl encrypted and needs a certificate from the client before it will be able to send it data that the client can unencrypt

harinath_2007 56 Posting Whiz · Answer 3 · 2012-02-01T18:37:28+00:00

Well , that sounds convincing.

So i can proceed further.

Thanks..

I am improving my app , so here's an another small question .

http://www.daniweb.com/software-development/java/threads/409682

I thought of asking the question here only but since it is a different concept again , i thought of starting the new thread.

Thanks a lot for helping me out..