Mail push

OX App Suite middleware can send push notifications about new mail to certain clients (configurable with com.openexchange.push.allowedClients).

To send such notifications, the middleware must access the underlying mail server to learn about changes. There are two approaches. The first is global access with a master password (com.openexchange.mail.masterPassword), which gives OX App Suite middleware full access if the mail server provides an appropriate account. The second is to use the user's credentials. This takes a bit more effort, since OX App Suite middleware only holds the user's credentials in a session, while the user is logged in.

This is not sufficient for push notifications to registered clients. To access the user's mailbox, OX App Suite middleware needs access to the user's mail credentials. This must be enabled with com.openexchange.push.credstorage.enabled. The credentials are stored either in memory (default) or in the database (com.openexchange.push.credstorage.rdb). In both cases, the credentials are obfuscated with a passcrypt, which is mandatory (com.openexchange.push.credstorage.passcrypt).

The recommended way to handle this is to have a master password for the database. Configuring storage of the users' credentials must be an explicit decision by the operator and comes with the described security limitations.
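
A configuration check an operator could run before enabling mail push, as an added example that is not part of OX App Suite or its documentation. The property names are the ones given above; the "true"/"false" value format, the defaults assumed for unset keys, the 16-character passcrypt threshold and the sample values are assumptions.

```python
# Added example: property names are from the page; value formats ("true"/"false"),
# defaults for unset keys and the length threshold are assumptions.
CS = "com.openexchange.push.credstorage."
MASTER = "com.openexchange.mail.masterPassword"
MIN_PASSCRYPT_LEN = 16  # assumed local policy, not an OX requirement

# Constructed sample configurations (not taken from a real deployment).
SAMPLE_MASTER = "com.openexchange.mail.masterPassword=constructed-master-secret\n"
SAMPLE_STORED = """# constructed sample
com.openexchange.push.credstorage.enabled=true
com.openexchange.push.credstorage.rdb=true
com.openexchange.push.credstorage.passcrypt=
"""


def parse_properties(text):
    """Parse simple key=value lines; comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return findings on how push notifications reach user mailboxes."""
    findings = []
    has_master = bool(props.get(MASTER))
    enabled = props.get(CS + "enabled", "false").lower() == "true"
    if has_master:
        findings.append("INFO: master password configured")
    if not enabled:
        if not has_master:
            findings.append("WARN: no master password and no credential storage")
        return findings
    where = "database" if props.get(CS + "rdb", "false").lower() == "true" else "memory"
    findings.append("WARN: user credentials stored in %s, obfuscated only" % where)
    passcrypt = props.get(CS + "passcrypt", "")
    if not passcrypt:
        findings.append("ERROR: credential storage enabled without a passcrypt")
    elif len(passcrypt) < MIN_PASSCRYPT_LEN:
        findings.append("WARN: passcrypt shorter than %d characters" % MIN_PASSCRYPT_LEN)
    return findings


if __name__ == "__main__":
    for name, sample in (("master", SAMPLE_MASTER), ("stored", SAMPLE_STORED)):
        print(name, audit(parse_properties(sample)))
```

The findings never include the master password or passcrypt values, so the output can go into a change ticket or CI log.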