Hello. Users of the application server and users of the database are not related in any way.

If you use the H2 Console servlet on a production server, you must add a security constraint for it, otherwise you can create a security hole in your system, especially if you use some old version of H2. It looks like you didn't add it. A sample configuration is here, scroll down to the “Using the H2 Console Servlet” section: https://h2database.com/html/tutorial.html#web_applications

In this configuration you can specify a role name to restrict access to users with the specified role. In Apache Tomcat with default settings you can add users to tomcat-users.xml, but you can have some other source of users on your server if you configured it. With such a security constraint, browsers will ask users for a username and password. These users can be logged to the journal of the web server. After authorization to the application server, users will need to log in again to the database itself by providing the JDBC URL, username, and password. The web server knows nothing about this procedure and can't log its details.
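A `web.xml` fragment showing the kind of security constraint the message describes, as an added example that is not part of the original post or of H2's documentation. The role name `h2-console-admin`, the `/console/*` mapping, the realm name and the sample user are assumptions; the servlet class is H2's `org.h2.server.web.WebServlet`.

```xml
<!-- WEB-INF/web.xml fragment (added example; role name and URL pattern are assumptions) -->
<servlet>
    <servlet-name>H2Console</servlet-name>
    <servlet-class>org.h2.server.web.WebServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>H2Console</servlet-name>
    <url-pattern>/console/*</url-pattern>
</servlet-mapping>

<!-- Without the elements below, the container serves /console/* to any client that can reach it. -->
<security-role>
    <role-name>h2-console-admin</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>H2 Console</web-resource-name>
        <url-pattern>/console/*</url-pattern>
        <!-- No http-method elements: the constraint applies to every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>h2-console-admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- BASIC credentials are only base64-encoded, so require TLS for this path. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <!-- Makes the browser prompt for a username and password. -->
    <auth-method>BASIC</auth-method>
    <realm-name>H2 Console</realm-name>
</login-config>

<!-- conf/tomcat-users.xml (Tomcat's default user source), constructed sample user:
<role rolename="h2-console-admin"/>
<user username="dbadmin" password="CHANGE_ME" roles="h2-console-admin"/>
(end of tomcat-users.xml sample) -->
```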
