This is not really a “hole” in H2, it is an unsafe non-default
configuration that is used in some third-party products.
You have to enable remote access to H2 explicitly, but if you're doing it
you should also set additional restrictions that suit your environment and
needs. -ifExists can be
Fair enough! That sounds to me like the hole that needs to be blocked.
On 10 August 2018 at 07:29, Delta wrote:
> You need admin, but you can gain such privileges by just creating a new db
> and for this you don't need to be admin.
>
> Thu, 9 Aug 2018 at 22:21, Kerry Sainsbury:
>
>> I would say
You need admin, but you can gain such privileges by just creating a new db
and for this you don't need to be admin.
Thu, 9 Aug 2018 at 22:21, Kerry Sainsbury:
> I would say that it can be dealt with by the user already.
>
> 1. Apparently "Admin rights are required to execute this command" --
>
I would say that it can be dealt with by the user already.
1. Apparently "Admin rights are required to execute this command" --
therefore only give admin rights to users who should have them.
2. Also, you can constrain the classes that can be loaded via
h2.allowedClasses
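
Added example, not part of any message in this thread: a small audit of H2 server launch commands for the two settings named above, `-ifExists` and `h2.allowedClasses`. The sample command lines, the function name and the `com.example.udf.` prefix are constructed for illustration; `-tcpAllowOthers`, `-webAllowOthers` and `-pgAllowOthers` are the `org.h2.tools.Server` options that enable remote access.

```python
import shlex

# org.h2.tools.Server options that let other hosts connect.
REMOTE_FLAGS = {"-tcpAllowOthers", "-webAllowOthers", "-pgAllowOthers"}

# Constructed sample launch commands (not taken from the thread).
SAMPLES = {
    "exposed": "java -cp h2.jar org.h2.tools.Server -tcp -tcpAllowOthers",
    "hardened": "java -Dh2.allowedClasses=com.example.udf.* -cp h2.jar "
                "org.h2.tools.Server -tcp -tcpAllowOthers -ifExists",
    "local": "java -cp h2.jar org.h2.tools.Server -tcp",
}


def audit_h2_command_line(cmdline):
    """Return a list of findings for one H2 server launch command."""
    args = shlex.split(cmdline)
    findings = []

    remote = sorted(REMOTE_FLAGS.intersection(args))
    if not remote:
        return findings  # local-only server: nothing to report here

    # Without -ifExists a remote client can create a new database,
    # which is how the thread says admin rights can be obtained.
    if "-ifExists" not in args:
        findings.append("remote access (%s) without -ifExists" % ", ".join(remote))

    # h2.allowedClasses defaults to "*", which permits every class.
    allowed = "*"
    for arg in args:
        if arg.startswith("-Dh2.allowedClasses="):
            allowed = arg.split("=", 1)[1]
    entries = [e.strip() for e in allowed.split(",")]
    if "*" in entries:
        findings.append("h2.allowedClasses is unrestricted")
    return findings


if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, audit_h2_command_line(cmd) or "ok")
```
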
Hi,
See the CVE: Datomic was fixed.
Regards,
Thomas
On Thu, Aug 9, 2018 at 11:36 AM Thomas Mueller Graf <
thomas.tom.muel...@gmail.com> wrote:
> Hi,
>
> > H2 1.4.197, as used in Datomic before 0.9.5697 and other products
>
> I think the point here is "as used in Datomic ... and other
Hi,
> H2 1.4.197, as used in Datomic before 0.9.5697 and other products
I think the point here is "as used in Datomic ... and other products".
You could say that "bash" is vulnerable "as used in ". The
problem to me seems not in H2, but in , that uses H2 in a way
that is not secure.
On Thu,
Is there a schedule for dealing
with https://www.cvedetails.com/cve/CVE-2018-10054/ ?