12-17-2016 07:03 AM
While trying to setup my RapidMiner Server to use the SMTP server of my GMail account (which didn't succeed by the way), I explored the standalone.xml file and found the password to my email in plain text!!
This is quite an issue! I won't try to use the SMTP server until my password can be stored safely.
12-18-2016 01:22 PM
I let our developers chime in here but if I remember correctly this SMTP service is offered by the application server JBoss itself, not by RapidMiner. I am afraid there might be not much we can do about this in this case...
If this is really the case, you can still protect the file by means of normal read protection using your operating systems capabilities although this is of course not as great. Alternatively (and this is what we do all the time) it might best to create an SMTP server and a function user just for RapidMiner Server. You can set it up in a way so that only this function user can use the server from the IP of RM Server.
Sorry for the inconvenience, but if I am right (and I am 99% sure) this is unfortunately a problem on side of Red Hat (JBoss).
12-19-2016 07:04 AM
this is indeed a property of the underlying JBoss Application Server.
You can however use a Java keystore mechanism to move the password in there. However then you can read the keystore because JBoss needs to know the password of the keystore (how else to get the password from it?).
So that only moves the security issues. If that's something you prefer, please see this article here: https://developer.jboss.org/wiki/JBossAS7SecuringPasswords