Safe storing passwords for user's mailbox

Question

I know there are dozens of topics about storing a passwords in DB, but all of them are missing one approach: what if I want to use this password to authenticate my app to an external service?

Today I'm making a mailbox module to my app and here's where I've bumped a wall. How to store a password to the user's mailbox, so the server of my app can read it from database, make a call to mail server and get messages?

If I'll store it as plain text - it's obvious suicide. If I'll encrypt it (hash) - it's unreversible so I can't properly sign in to mail server.

What to do?? Help please! :)

Thank you in advance and best regards, Tom

If you already store passwords *in* DB, why not store the mail password there too? --- Or did you mean "storing a passwords *for connecting to* DB"? If so, why not store the mail password in the same place as the DB passwords? — Andreas, Nov 19 '18 at 16:38
I am storing a passwords used for app authentication. They are hashed/salted and during the log in - password is hashed/salted on client side and compared with the one stored in DB. That's ok. But... The user can also enter his/hers mail server settings so the mailbox will be read and he/she can read/reply/compose mail etc. And with the password for mailbox I have a problem. — T.Fruba, Nov 19 '18 at 16:44
What I mean by the above is that a app engine is to perform periodic check if there's new mail etc. So the engine needs to call a mail server and introduce itself with username and password entered by user and stored in database. What I'm trying to do here is to avoid storing a plain-text password in database. — T.Fruba, Nov 19 '18 at 16:52
Now I get it :) To be honest - I've always thought it's one, same thing :) — T.Fruba, Nov 19 '18 at 16:57
I've found some info on that. Do you think this will fit my needs? https://stackoverflow.com/questions/10303767/encrypt-and-decrypt-in-java — T.Fruba, Nov 19 '18 at 16:57

Safe storing passwords for user's mailbox

0 Answers0