aurora-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Cohen <jco...@twitter.com.INVALID>
Subject Re: H2 database admin console
Date Tue, 16 Sep 2014 17:17:58 GMT
Providing the password directly via the command line seems like it would be
a security issue (anyone who can `ps` on the box could see the password?).
Is there something I'm missing? Would it be possible (and if so, would it
be desirable?) to start up the web console as a user who only has read
access to the database? If we're only worried about someone tinkering with
the data, but not worried about locking down read access that might be a
cleaner solution.

On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner <wfarner@apache.org> wrote:

> Since beginning migration of the internal database to H2, i've wanted to
> include the H2 web console [1] as a means for debugging the internal
> scheduler state.  If we do that, we need to password-protect the database
> to prevent unauthorized tinkering.
>
> Does anybody have a preference for where the scheduler gets that password?
>  The obvious choices are directly on the command line, or from a file
> referenced on the command line.  However, i'm open to ideas i haven't
> thought of.
>
> [1] http://www.h2database.com/html/quickstart.html#h2_console
> (ignore the windows/launching instructions - we will embed it as a servlet)
>
>
> -=Bill
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message