You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2016/04/05 16:05:16 UTC
svn commit: r1737842 -
/commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java
Author: sebb
Date: Tue Apr 5 14:05:16 2016
New Revision: 1737842
URL: http://svn.apache.org/viewvc?rev=1737842&view=rev
Log:
Alternative password input methods
Modified:
commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java
Modified: commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java?rev=1737842&r1=1737841&r2=1737842&view=diff
==============================================================================
--- commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java (original)
+++ commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java Tue Apr 5 14:05:16 2016
@@ -17,8 +17,12 @@
package examples.mail;
+import java.io.BufferedReader;
+import java.io.Console;
import java.io.IOException;
+import java.io.InputStreamReader;
import java.net.URI;
+import java.util.Locale;
import org.apache.commons.net.ProtocolCommandListener;
import org.apache.commons.net.imap.IMAPClient;
@@ -52,7 +56,38 @@ class IMAPUtils {
}
String username = userpass[0];
- String password = userpass[1]; // TODO enable reading this secretly
+ String password = userpass[1];
+ /*
+ * If the initial password is:
+ * '*' - replace it with a line read from the system console
+ * '-' - replace it with next line from STDIN
+ * 'ABCD' - if the input is all upper case, use the field as an environment variable name
+ *
+ * Note: there are no guarantees that the password cannot be snooped.
+ *
+ * Even using the console may be subject to memory snooping,
+ * however it should be safer than the other methods.
+ *
+ * STDIN may require creating a temporary file which could be read by others
+ * Environment variables may be visible by using PS
+ */
+ if ("-".equals(password)) { // stdin
+ BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
+ password = in.readLine();
+ } else if ("*".equals(password)) { // console
+ Console con = System.console(); // Java 1.6
+ if (con != null) {
+ char[] pwd = con.readPassword("Password for " + username + ": ");
+ password = new String(pwd);
+ } else {
+ throw new IOException("Cannot access Console");
+ }
+ } else if (password.equals(password.toUpperCase(Locale.ROOT))) { // environment variable name
+ final String tmp = System.getenv(password);
+ if (tmp != null) { // don't overwrite if variable does not exist (just in case password is all uppers)
+ password=tmp;
+ }
+ }
final IMAPClient imap;