smtp authentication and username/password vulnerability in jsp

Hello,

I'm using a jsp to connect to an smtp server which requires authentication.

So I am setting the username and password for the smtp server right in that jsp page.However, what if someone downloads the jsp page? They'll see my password right there in plain text. I could write a servlet and store compiled code only on the web server. But what if someone downloads the .class file and decompiles it? Will they see my username and password then?

How can I provide username and password for smtp authentication inside the jsp page or servlet, and at the same time guarantee that this username and password will not be discovered by the users?

Thanks!

Elana

[700 byte] By [sselena911a] at [2007-10-3 2:56:45]

«« Configuring JFormattedTextField
»» Problem with Java Long datatype

# 1

Normally you can't download the source to a JSP page. The server

interprets the request for the JSP page and executes the page, producing

the output.

Likewise, normally your class files will be stored in a location that is not

accessible to clients, e.g., in the WEB-INF directory.

bshannona at 2007-7-14 20:46:02 >

top of Java-index,Enterprise & Remote Computing,Enterprise Technologies...

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

smtp authentication and username/password vulnerability in jsp

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified