Hello, New to H2 and Java, and need some advises, mostly on security.
1. We are developing simple application that accessing data from Windows share (SMB). The H2 database is shared with write access and we are using embedded H2 connection with AUTO_SERVER set to true. 2. With everyone has access to the database file (and being able to log in to database, because user login = database login), we are worry about the data being dumped and copied out. So, we plan to use encryption (AES cipher). 3. However, using AES, user will need to supply file encryption key along with his/her password to database (<filepwd><space><userpwd>). So, in the login form, we have to supply 3 fields: username: _____ encryption key: _____ password: _____ It will be wierd :( 4. And, what's the point of encryption if everyone knows the file encryption key? So, one can change the encryption method and probably dump the data. 5. Since we are all newbie, we also consider to put the file encryption key into the java source, but somebody told us that the java class can be decompiled and obfuscating is no help. 6. We are also considering TCP server (also with encryption), and it will make the deployment more complicated. But we will go this way if users do not have to enter file encryption password everytime he/she connects to database. Please advise. Best regards, Andy -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/h2-database?hl=en.
