On Sun, 24 Feb 2019 at 05:53, Evgenij Ryazanov <[email protected]> wrote:
> > Yes, there is a way to break “security”. Another user on the same home > computer or terminal server can create an own database, make its file > readable by other users, open H2 Console launched by another user and > connect to it. > TBH, I'm really not that worried about this kind of hole. The Console is a local & debug tool, meant for use by administrators and developers and local users - for example, there is only ever one person logged into my Windows development machine :-) > H2 Console and TCP/PG servers need better security model, we discussed it > some time ago, but it is still not implemented. > > Can you remind me what we discussed? I don't remember that. > We need more intuitive interface for it and reasonable security > configuration by default. Personally I don't think that H2 Console should > allow unlimited access from sessions of other users without explicit > permission from Console's owner. > > > That sounds reasonable to me, but I'm not aware of any way to achieve it, since we're using a local webserver to serve up the UI. -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
