提交 01936aa5 authored 作者: Thomas Mueller's avatar Thomas Mueller

Metadata: the password of linked tables is now only visible for admin users.

上级 0aa8ac13
......@@ -18,7 +18,8 @@ Change Log
<h1>Change Log</h1>
<h2>Next Version (unreleased)</h2>
<ul><li>For Windows, database URLs of the form "jdbc:h2:/test" where considered
<ul><li>Metadata: the password of linked tables is now only visible for admin users.
</li><li>For Windows, database URLs of the form "jdbc:h2:/test" where considered
relative and did not work unless the system property "h2.implicitRelativePath" was used.
</li><li>Follow JDBC specification on Procedures MetaData, use P0 as
return type of procedure.
......
......@@ -40,6 +40,7 @@ import org.h2.index.Index;
import org.h2.index.IndexType;
import org.h2.index.MetaIndex;
import org.h2.index.MultiVersionIndex;
import org.h2.jdbc.JdbcSQLException;
import org.h2.message.DbException;
import org.h2.mvstore.FileStore;
import org.h2.mvstore.db.MVTableEngine.Store;
......@@ -688,6 +689,13 @@ public class MetaTable extends Table {
storageType = table.isPersistIndexes() ?
"CACHED" : "MEMORY";
}
String sql = table.getCreateSQL();
if (!admin) {
if (sql != null && sql.indexOf(JdbcSQLException.HIDE_SQL) >= 0) {
// hide the password of linked tables
sql = "-";
}
}
add(rows,
// TABLE_CATALOG
catalog,
......@@ -700,7 +708,7 @@ public class MetaTable extends Table {
// STORAGE_TYPE
storageType,
// SQL
table.getCreateSQL(),
sql,
// REMARKS
replaceNullWithEmpty(table.getComment()),
// LAST_MODIFICATION
......@@ -1236,7 +1244,7 @@ public class MetaTable extends Table {
FunctionAlias alias = (FunctionAlias) aliasAsSchemaObject;
for (FunctionAlias.JavaMethod method : alias.getJavaMethods()) {
// Add return column index 0
if(method.getDataType() != Value.NULL) {
if (method.getDataType() != Value.NULL) {
DataType dt = DataType.getDataType(method.getDataType());
add(rows,
// ALIAS_CATALOG
......
......@@ -35,6 +35,7 @@ public class TestRights extends TestBase {
@Override
public void test() throws SQLException {
testLinkedTableMeta();
testGrantMore();
testOpenNonAdminWithMode();
testDisallowedTables();
......@@ -47,6 +48,47 @@ public class TestRights extends TestBase {
testSchemaAdminRole();
deleteDb("rights");
}
private void testLinkedTableMeta() throws SQLException {
deleteDb("rights");
Connection conn = getConnection("rights");
stat = conn.createStatement();
stat.execute("create user test password 'test'");
stat.execute("create linked table test" +
"(null, 'jdbc:h2:mem:', 'sa', 'sa', 'DUAL')");
// password is invisible to non-admin
Connection conn2 = getConnection(
"rights", "test", getPassword("test"));
Statement stat2 = conn2.createStatement();
ResultSet rs = stat2.executeQuery(
"select * from information_schema.tables " +
"where table_name = 'TEST'");
assertTrue(rs.next());
ResultSetMetaData meta = rs.getMetaData();
for (int i = 1; i <= meta.getColumnCount(); i++) {
String s = rs.getString(i);
assertFalse(s != null && s.indexOf("'sa'") >= 0);
}
conn2.close();
// password is visible to admin
rs = stat.executeQuery(
"select * from information_schema.tables " +
"where table_name = 'TEST'");
assertTrue(rs.next());
meta = rs.getMetaData();
boolean foundPassword = false;
for (int i = 1; i <= meta.getColumnCount(); i++) {
String s = rs.getString(i);
if (s != null && s.indexOf("'sa'") >= 0) {
foundPassword = true;
}
}
assertTrue(foundPassword);
conn2.close();
stat.execute("drop table test");
conn.close();
}
private void testGrantMore() throws SQLException {
deleteDb("rights");
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论