Hi, Thomas! You can reproduce this by letting wireshark listen to your localhost traffic (if your remote server is running there). I used a browser with the H2 Console to log in. I did not enable file encryption and also did not specify a SSL connection. So basically its a vanilla setup.
About the embedded statement, I might be wrong on that one. I've produced a small example which uses an embedded database and was not able to intercept packets. This is probably because the embedded database runs inside the same VM, meaning that all traffic stays inside the VM, correct? Most likely, my earlier findings were based on a remote running server as well. Thanks for your time, Jeff I use the iBatis framework to establish a connection. I have On Apr 2, 8:34 pm, Thomas Mueller <[email protected]> wrote: > Hi, > > How do you set the password? Do you set it in the password in the > database URL? Could you provide some sample code how you got the > connection? > > Regards, > Thomas > > On Thu, Apr 2, 2009 at 8:32 PM, Abyric <[email protected]> wrote: > > > The features page mention this: > > > *User passwords are never transmitted in plain text over the network > > (even when using insecure connections) > > > If this applies to remote databases that do not use SSL this statement > > is false. > > > This statement is also false when using a local embedded database. > > > I can proof this by running wireshark and intercept the packets while > > listening on the localhost. The first packet I receive contains the > > username, password and schema. > > > Jeff --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "H2 Database" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/h2-database?hl=en -~----------~----~----~----~------~----~------~--~---
