You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2016/04/05 16:05:16 UTC

svn commit: r1737842 - /commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java

Author: sebb
Date: Tue Apr  5 14:05:16 2016
New Revision: 1737842

URL: http://svn.apache.org/viewvc?rev=1737842&view=rev
Log:
Alternative password input methods

Modified:
    commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java

Modified: commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java?rev=1737842&r1=1737841&r2=1737842&view=diff
==============================================================================
--- commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java (original)
+++ commons/proper/net/trunk/src/main/java/examples/mail/IMAPUtils.java Tue Apr  5 14:05:16 2016
@@ -17,8 +17,12 @@
 
 package examples.mail;
 
+import java.io.BufferedReader;
+import java.io.Console;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.net.URI;
+import java.util.Locale;
 
 import org.apache.commons.net.ProtocolCommandListener;
 import org.apache.commons.net.imap.IMAPClient;
@@ -52,7 +56,38 @@ class IMAPUtils {
         }
 
         String username = userpass[0];
-        String password = userpass[1]; // TODO enable reading this secretly
+        String password = userpass[1];
+        /*
+         * If the initial password is:
+         * '*' - replace it with a line read from the system console
+         * '-' - replace it with next line from STDIN
+         * 'ABCD' - if the input is all upper case, use the field as an environment variable name
+         *
+         * Note: there are no guarantees that the password cannot be snooped.
+         *
+         * Even using the console may be subject to memory snooping,
+         * however it should be safer than the other methods.
+         *
+         * STDIN may require creating a temporary file which could be read by others
+         * Environment variables may be visible by using PS
+         */
+        if ("-".equals(password)) { // stdin
+            BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
+            password = in.readLine();
+        } else if ("*".equals(password)) { // console
+            Console con = System.console(); // Java 1.6
+            if (con != null) {
+                char[] pwd = con.readPassword("Password for " + username + ": ");
+                password = new String(pwd);
+            } else {
+                throw new IOException("Cannot access Console");
+            }
+        } else if (password.equals(password.toUpperCase(Locale.ROOT))) { // environment variable name
+            final String tmp = System.getenv(password);
+            if (tmp != null) { // don't overwrite if variable does not exist (just in case password is all uppers)
+                password=tmp;
+            }
+        }
 
         final IMAPClient imap;