RapidMiner

SMTP Server problem and security issue

RMStaff

While trying to set up my RapidMiner Server to use the SMTP server of my Gmail account (which didn't succeed by the way), I explored the standalone.xml file and found the password to my email in plain text!!

This is quite an issue! I won't try to use the SMTP server until my password can be stored safely.

3 REPLIES
RMStaff

Re: SMTP Server problem and security issue

Hi,

I'll let our developers chime in here, but if I remember correctly this SMTP service is offered by the application server JBoss itself, not by RapidMiner. I am afraid there might not be much we can do about this in this case...

If this is really the case, you can still protect the file by means of normal read protection using your operating system's capabilities, although this is of course not as great. Alternatively (and this is what we do all the time) it might be best to create an SMTP server and a function user just for RapidMiner Server. You can set it up in a way so that only this function user can use the server from the IP of RM Server.

Sorry for the inconvenience, but if I am right (and I am 99% sure) this is unfortunately a problem on the side of Red Hat (JBoss).

Cheers,

Ingo


Moderator

Re: SMTP Server problem and security issue

Hi,

this is indeed a property of the underlying JBoss Application Server.

You can, however, use a Java keystore mechanism to move the password in there. However, then you can read the keystore because JBoss needs to know the password of the keystore (how else to get the password from it?).

So that only moves the security issues. If that's something you prefer, please see this article here: https://developer.jboss.org/wiki/JBossAS7SecuringPasswords

Regards,

Marco

_________________________________________________________
Team Lead Software Engineering | RapidMiner GmbH
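
The two mitigations suggested in the replies above (operating-system read protection on standalone.xml, and replacing the literal password with a vault reference) can be checked with a short audit script. This is an added example, not part of the thread and not RapidMiner or JBoss code; the sample XML, account names and vault reference are constructed, and the permission check assumes a POSIX system.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the style of a JBoss AS 7 mail subsystem; all values made up.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:mail:1.0">
  <mail-session jndi-name="java:jboss/mail/Default">
    <smtp-server outbound-socket-binding-ref="mail-smtp">
      <login name="rm-plain@example.org" password="s3cret-example"/>
    </smtp-server>
  </mail-session>
  <mail-session jndi-name="java:jboss/mail/Vaulted">
    <smtp-server outbound-socket-binding-ref="mail-smtp">
      <login name="rm-vault@example.org" password="${VAULT::mail::password::PLACEHOLDER}"/>
    </smtp-server>
  </mail-session>
</subsystem>"""


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]


def plaintext_passwords(xml_text):
    """Return (element, login name) for each password stored as a literal."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        values = [v for k, v in el.attrib.items() if local(k).lower() == "password"]
        if local(el.tag).lower() == "password" and el.text:
            values.append(el.text.strip())
        for value in values:
            # ${...} is an expression (vault or property reference), not a literal.
            if value and not (value.startswith("${") and value.endswith("}")):
                hits.append((local(el.tag), el.get("name", "")))
    return hits


def readable_by_others(path):
    """True if group or world permission bits allow reading the file (POSIX)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    print("sample:", plaintext_passwords(SAMPLE))
    for path in sys.argv[1:]:  # pass the path to your own standalone.xml
        with open(path, "rb") as fh:
            print(path, plaintext_passwords(fh.read()), readable_by_others(path))
```

A vault reference passes the first check, but as noted in the reply above the vault's own password still has to be available to JBoss, so the file-permission check remains relevant either way.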
RMStaff

Re: SMTP Server problem and security issue

Hi Ingo, Marco,

I think setting up a local server is a good option, it's something I wanted to try out anyway. Thank you for your answers!