Hello Thomas, Thank you for your answer.
Actually, what we need is, the database file are not easily dumped and/or read (the content) without someone knows the user password. Could we achieve this without using encryption? What we are worrying about: when the storage device is stolen, someone can easily read the data inside database file. For example, only using notepad and knows all the contents, or using H2 tools and easily dump the data even without supply the user password. Please advise. Thank you, andy On Tue, 24 May 2011 01:51:47 +0700 Thomas Mueller <[email protected]> wrote: >Hi, > >The server mode is most common way to restrict access. > >> 5. Since we are all newbie, we also consider to put the file >> encryption key into the java source, but somebody told us that >the >> java class can be decompiled and obfuscating is no help. > >Yes, that's true. Well, if all users need access to all data then >they >_need_ to have the password to read the data... either they know >the >password, or the password is stored in the application (which can >be >de-compiled - I would call that 'obfuscation' and not >'encryption'). > >Another option (even more complicated however, and slower) is to >split >the data into multiple databases, based on user groups. So if you >have >user groups 'guest', 'registered', and 'superuser', the guest >would >only have access to database1 (which might or might not be >encrypted). >A registered user would have access to database1 as well as >database2 >(which is encrypted). The superusers would also know the file >encryption password for database3. Each database (1, 2, 3) would >contain a set of tables. The tables could be linked (linked >tables) so >you don't have to change the application much. But as I said this >is >even more complicated. Also, it wouldn't protect you from a >'guest' >user to delete the database file, except if you also mirror the >access >rights on the file system level. > >Regards, >Thomas > >-- >You received this message because you are subscribed to the Google >Groups "H2 Database" group. >To post to this group, send email to [email protected]. >To unsubscribe from this group, send email to h2- >[email protected]. >For more options, visit this group at >http://groups.google.com/group/h2-database?hl=en. -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/h2-database?hl=en.
