aurora-dev mailing list archives

From Joshua Cohen <jco...@twitter.com.INVALID>
Subject Re: H2 database admin console
Date Tue, 16 Sep 2014 17:58:14 GMT
A property file sounds fine to me, my concern was with passing a raw
password as a command line arg. That being said, if we can obviate the need
for a password... even better.

On Tue, Sep 16, 2014 at 10:54 AM, Maxim Khutornenko <maxim@apache.org>
wrote:

> +1 on the command-line approach. There was a bit of a debate around it
> when it was proposed for the framework auth but its simplicity
> outweighed potential security concerns.
>
> On Tue, Sep 16, 2014 at 10:34 AM, Kevin Sweeney <kevints@apache.org>
> wrote:
> > There's precedent to take secrets as a properties file on the command-line
> > (-framework_authentication_file), my vote is that we follow that.
> >
> > On Tue, Sep 16, 2014 at 10:17 AM, Joshua Cohen <jcohen@twitter.com.invalid>
> > wrote:
> >
> >> Providing the password directly via the command line seems like it would be
> >> a security issue (anyone who can `ps` on the box could see the password?).
> >> Is there something I'm missing? Would it be possible (and if so, would it
> >> be desirable?) to start up the web console as a user who only has read
> >> access to the database? If we're only worried about someone tinkering with
> >> the data, but not worried about locking down read access that might be a
> >> cleaner solution.
> >>
> >> On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner <wfarner@apache.org> wrote:
> >>
> >> > Since beginning migration of the internal database to H2, I've wanted to
> >> > include the H2 web console [1] as a means for debugging the internal
> >> > scheduler state.  If we do that, we need to password-protect the database
> >> > to prevent unauthorized tinkering.
> >> >
> >> > Does anybody have a preference for where the scheduler gets that password?
> >> > The obvious choices are directly on the command line, or from a file
> >> > referenced on the command line.  However, I'm open to ideas I haven't
> >> > thought of.
> >> >
> >> > [1] http://www.h2database.com/html/quickstart.html#h2_console
> >> > (ignore the Windows/launching instructions - we will embed it as a servlet)
> >> >
> >> >
> >> > -=Bill
> >> >
> >>
>
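
The two options weighed in this thread, as an added example that is not code from the thread or from Aurora: a secret passed as an argument can be read back from the process's `/proc/<pid>/cmdline` on Linux (the data `ps` prints), while a `key=value` file can be checked for owner-only access before it is used. The `password` key name and the sample secret are assumptions made for the illustration.

```python
import os
import stat
import subprocess
import sys


def argv_seen_by_others(pid):
    """Return a process's argv as read from /proc, the data `ps` shows (Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [part.decode() for part in f.read().split(b"\0") if part]


def leaked_via_argv(secret):
    """Start a child with the secret as an argument and look for it in /proc."""
    child = subprocess.Popen(
        [sys.executable, "-c", "import time; time.sleep(5)", secret])
    try:
        return secret in argv_seen_by_others(child.pid)
    finally:
        child.kill()
        child.wait()


def load_secret(path, key="password"):
    """Read `key` from a key=value file, refusing files other users can open."""
    with open(path, encoding="utf-8") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path} is not owned by the running user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is accessible to group/other")
        for line in f:
            line = line.strip()
            if not line or line.startswith(("#", "!")):  # properties comments
                continue
            name, sep, value = line.partition("=")
            if sep and name.strip() == key:  # "password" is an assumed key name
                return value.strip()
    raise KeyError(key)


if __name__ == "__main__":
    # Constructed secret, for illustration only.
    print("secret visible in argv:", leaked_via_argv("constructed-pw"))
```
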
