开发者

Connect to gmail (using imap and javamail) with encrypted password

开发者 https://www.devze.com 2023-02-15 03:03 出处:网络
I\'m tryi开发者_运维百科ng to connect to gmail using a simple java program (like this one). But my question is:

I'm tryi开发者_运维百科ng to connect to gmail using a simple java program (like this one). But my question is:

Is there a way to do this with encrypted password and not the real password, for security reasons of course!! something like how we do in java-Oracle db ?


By default, the only authentication mechanism for IMAP is the LOGIN command, which takes an unencrypted username and password. You can add an encryption layer on top of it, either by connecting via IMAPs or starting a TLS layer via the STARTTLS command, but it still requires the client to know the cleartext password.

A server can optionally also provide SASL authentication methods invokable via the AUTHENTICATE command. The server advertises which SASL mechanisms it supports in its response to the CAPABILITY command. For instance, if the server includes the capability "AUTH=PLAIN", the client can use the PLAIN SASL authentication method via the AUTHENTICATE PLAIN IMAP command.

Gmail supports only one SASL authentication mechanism, XOAUTH:

C: 1 capability
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY
      SASL-IR AUTH=XOAUTH
S: 1 OK Thats all she wrote! dv32if2169247ibb.17

XOAUTH is a nonstandard SASL authentication mechanism using OAuth. (The leading 'X' means it's not standardized.) Google has published a document defining the XOAUTH SASL mechanism. They've also provided a google-mail-xoauth-tools package, which includes sample code showing how to use JavaMail with Gmail via XOAUTH.

0

精彩评论

暂无评论...
验证码 换一张
取 消