What are the standard solutions for sending "secure" e-mail to users over the public Internet?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   neal_ravindran
Posted On:   Thursday, May 15, 2003 04:32 AM

What are the standard solutions for sending "secure" e-mail to users over the public Internet? My web application is a J2EE app.

Re: What are the standard solutions for sending "secure" e-mail to users over the public Internet?

Posted By:   Eugene_Kuleshov  
Posted On:   Thursday, May 15, 2003 05:39 AM

There is JavaMail API for any kind of e-mail interation (including SMTP, POP3 and IMAP). The number of JavaMail providers are available.



To make your emailing secure you should analyse the entire flow from the sender to receiver. Each step should be secuer enough to keep the entire system secure. Probably the most challenging tasks are to keep communication to the mail server secure and to ensure that nobody read your emails during the time they are being delivered through internet and also task not exacltly related to mailing, but ensure that your application iself have no holes.



For secure communication you may use SSL-based tunelling as decribed in my article.



For encrypting and signing emails you may consider to look at PGP or S/MIME. There is number of S/MIME handlers available. Most of them are from commercial vendors such as RSA, Wedgetail, IAIK, etc. But there is a good one for free from Bouncy Castle team.



And the most tricky thing is to review your entire J2EE application for security holes. Unfortunately there is no common way and you should consider to hire an expert.
About | Sitemap | Contact