Hi
How can I protect the JAMES javax.mail.Session? The problem is that my java application (or an other), which is on the same machine like JAMES, can access the JAMES javax.mail.Session. How? Session session = Session.getDefaultInstance(props, null); The JavaMail 1.2 Specification says in the chapter 5: The Mail Session: "The first call to the getDefaultInstance method creates a new Session object and associates it with the Authenticator object. Subsequent calls to the getDefaultInstance method compare the Authenticator object passed in with the Authenticator object saved in the default session. Access to the default session is allowed if both objects have been loaded by the same class loader. Typically, this is the case when both the default session creator and the program requesting default session access are in the same "security domain." Also, if both objects are null, access is allowed. Using null to gain access is discouraged, because this allows access to the default session from any security domain." I think "security domain" can mean JVM. My application requires JAMES therefore JAMES will be started first. => The first call to the getDefaultInstance method creates a new Session object. Then my application will be started. => Subsequent calls to the getDefaultInstance method get the default session from James if the authenticator is null. Now, how can I protect the JAMES javax.mail.Session? Or have I understood something completely wrong? Or is this a bug? Thanx, for your time? Bye Michi
