Hi, The server mode is most common way to restrict access.
> 5. Since we are all newbie, we also consider to put the file > encryption key into the java source, but somebody told us that the > java class can be decompiled and obfuscating is no help. Yes, that's true. Well, if all users need access to all data then they _need_ to have the password to read the data... either they know the password, or the password is stored in the application (which can be de-compiled - I would call that 'obfuscation' and not 'encryption'). Another option (even more complicated however, and slower) is to split the data into multiple databases, based on user groups. So if you have user groups 'guest', 'registered', and 'superuser', the guest would only have access to database1 (which might or might not be encrypted). A registered user would have access to database1 as well as database2 (which is encrypted). The superusers would also know the file encryption password for database3. Each database (1, 2, 3) would contain a set of tables. The tables could be linked (linked tables) so you don't have to change the application much. But as I said this is even more complicated. Also, it wouldn't protect you from a 'guest' user to delete the database file, except if you also mirror the access rights on the file system level. Regards, Thomas -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/h2-database?hl=en.
