aurora-dev mailing list archives

From Maxim Khutornenko <ma...@apache.org>
Subject Re: H2 database admin console
Date Tue, 16 Sep 2014 17:54:53 GMT
+1 on the command-line approach. There was a bit of a debate around it
when it was proposed for the framework auth but its simplicity
outweighed potential security concerns.

On Tue, Sep 16, 2014 at 10:34 AM, Kevin Sweeney <kevints@apache.org> wrote:
> There's precedent to take secrets as a properties file on the command-line
> (-framework_authentication_file), my vote is that we follow that.
>
> On Tue, Sep 16, 2014 at 10:17 AM, Joshua Cohen <jcohen@twitter.com.invalid> wrote:
>
>> Providing the password directly via the command line seems like it would be
>> a security issue (anyone who can `ps` on the box could see the password?).
>> Is there something I'm missing? Would it be possible (and if so, would it
>> be desirable?) to start up the web console as a user who only has read
>> access to the database? If we're only worried about someone tinkering with
>> the data, but not worried about locking down read access that might be a
>> cleaner solution.
>>
>> On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner <wfarner@apache.org> wrote:
>>
>> > Since beginning migration of the internal database to H2, I've wanted to
>> > include the H2 web console [1] as a means for debugging the internal
>> > scheduler state.  If we do that, we need to password-protect the database
>> > to prevent unauthorized tinkering.
>> >
>> > Does anybody have a preference for where the scheduler gets that password?
>> > The obvious choices are directly on the command line, or from a file
>> > referenced on the command line.  However, I'm open to ideas I haven't
>> > thought of.
>> >
>> > [1] http://www.h2database.com/html/quickstart.html#h2_console
>> > (ignore the windows/launching instructions - we will embed it as a servlet)
>> >
>> >
>> > -=Bill
>> >
>>
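
An added illustration of the trade-off discussed in this thread, not code from Aurora or from any of the participants: it starts a child process with a secret passed directly as an argument and again with only a file path, reads the child's arguments the way `ps` does on Linux (`/proc/<pid>/cmdline`), and loads the secret from a properties file only if the file is not accessible to group or other. The `-password` and `-password_file` flags, the `h2_console_password` key and the password value are hypothetical, constructed for the example.

```python
import os
import stat
import subprocess
import sys
import tempfile

def visible_cmdline(pid):
    """Return a process's argv as any local user can read it (Linux /proc)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().rstrip(b"\0").decode().split("\0")

def load_secret_file(path, key):
    """Parse key=value properties, refusing files open to group or other."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/other; chmod 600")
    props = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                k, v = line.split("=", 1)
                props[k.strip()] = v.strip()
    return props[key]

def demo():
    secret = "constructed-example-password"  # constructed sample value
    fd, path = tempfile.mkstemp(suffix=".properties")  # created with mode 0600
    with os.fdopen(fd, "w") as f:
        f.write(f"# constructed sample\nh2_console_password={secret}\n")
    sleeper = "import time; time.sleep(5)"
    results = {}
    # Hypothetical flags: one carries the secret itself, one only a path.
    for label, arg in (("direct", f"-password={secret}"),
                       ("file", f"-password_file={path}")):
        child = subprocess.Popen([sys.executable, "-c", sleeper, arg])
        try:
            results[label] = any(secret in a for a in visible_cmdline(child.pid))
        finally:
            child.kill()
            child.wait()
    results["loaded"] = load_secret_file(path, "h2_console_password") == secret
    os.remove(path)
    return results

if __name__ == "__main__":
    print(demo())
```
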
