Security issue...

Hi ,

I developed an application which checks mail(gmail) all the time and alerts me whenever new mail has come. In short its a email notifier or email alerter.

The application uses IMAP protocol .The application opens the connection once and it continously checks whether a new mail has come. My doubt is , since the connection (or port) is opened all the time , is there any chance of security threat. I mean to say , is my connection secured. Is it safe to keep the connection open all the time?

I dont want to open and close the connection every time with short time gaps.
So how far can i rely on this? How to ensure security ? Is security all ready ensured by the protocol?

It can be considered unsafe, as any application could intercept and read those packets. However if you connect to the IMAP over SSL atleast the connection will be encrypted so data taken from the packets are therefore unreadable for most. see here for an example:http://www.jguru.com/faq/view.jsp?EID=329193 and also this:http://www.javaworld.com/javaworld/javatips/jw-javatip115.html and this:http://stackoverflow.com/questions/61176/getting-mail-from-gmail-into-java-application-using-imap and finally here is how to make certificates that are signed etc for the SSL encryption:http://java.sun.com/products/javamail/javamail-1.4.2/SSLNOTES142.txt

Thanks for providing those links. I will definitely look into that.

So even if i use SSL , the data is unreadable but i am worried about the connection too
Since the connection is always open , i.e the gmail account connection is always open , is there any chance of stealing the user name and password (or) the data or the mails.?

Since the port is always open , if anybody scans all the open ports of my system or something similar to that , there may be chance of stealing the password or mails.
So how could i feel secured ? What is the solution?

Thanks

Thanks for providing those links. I will definitely look into that.

So even if i use SSL , the data is unreadable but i am worried about the connection too
Since the connection is always open , i.e the gmail account connection is always open , is there any chance of stealing the user name and password (or) the data or the mails.?

Since the port is always open , if anybody scans all the open ports of my system or something similar to that , there may be chance of stealing the password or mails.
So how could i feel secured ? What is the solution?

Thanks

well with SSL they wouldnt be able to do that, because they can scan the port but all data in this open port is SSl encrypted and needs a certificate from the client before it will be able to send it data that the client can unencrypt

Well , that sounds convincing.

So i can proceed further.

Thanks..

I am improving my app , so here's an another small question .

http://www.daniweb.com/software-development/java/threads/409682

I thought of asking the question here only but since it is a different concept again , i thought of starting the new thread.

Thanks a lot for helping me out..