Metadata: the password of linked tables is now only visible for admin users.

01936aa5 · Thomas Mueller · 0aa8ac13 · 01936aa5 · 01936aa5 · 01936aa5
--- a/h2/src/docsrc/html/changelog.html
+++ b/h2/src/docsrc/html/changelog.html
@@ -18,7 +18,8 @@ Change Log
 <h1>Change Log</h1>

 <h2>Next Version (unreleased)</h2>
-<ul><li>For Windows, database URLs of the form "jdbc:h2:/test" where considered
+<ul><li>Metadata: the password of linked tables is now only visible for admin users.
+</li><li>For Windows, database URLs of the form "jdbc:h2:/test" where considered
    relative and did not work unless the system property "h2.implicitRelativePath" was used.
 </li><li>Follow JDBC specification on Procedures MetaData, use P0 as
    return type of procedure.

--- a/h2/src/main/org/h2/table/MetaTable.java
+++ b/h2/src/main/org/h2/table/MetaTable.java
@@ -40,6 +40,7 @@ import org.h2.index.Index;
 import org.h2.index.IndexType;
 import org.h2.index.MetaIndex;
 import org.h2.index.MultiVersionIndex;
+import org.h2.jdbc.JdbcSQLException;
 import org.h2.message.DbException;
 import org.h2.mvstore.FileStore;
 import org.h2.mvstore.db.MVTableEngine.Store;
@@ -688,6 +689,13 @@ public class MetaTable extends Table {
                    storageType = table.isPersistIndexes() ?
                            "CACHED" : "MEMORY";
                }
+                String sql = table.getCreateSQL();
+                if (!admin) {
+                    if (sql != null && sql.indexOf(JdbcSQLException.HIDE_SQL) >= 0) {
+                        // hide the password of linked tables
+                        sql = "-";
+                    }
+                }
                add(rows,
                        // TABLE_CATALOG
                        catalog,
@@ -700,7 +708,7 @@ public class MetaTable extends Table {
                        // STORAGE_TYPE
                        storageType,
                        // SQL
-                        table.getCreateSQL(),
+                        sql,
                        // REMARKS
                        replaceNullWithEmpty(table.getComment()),
                        // LAST_MODIFICATION
@@ -1236,7 +1244,7 @@ public class MetaTable extends Table {
                FunctionAlias alias = (FunctionAlias) aliasAsSchemaObject;
                for (FunctionAlias.JavaMethod method : alias.getJavaMethods()) {
                    // Add return column index 0
-                    if(method.getDataType() != Value.NULL) {
+                    if (method.getDataType() != Value.NULL) {
                        DataType dt = DataType.getDataType(method.getDataType());
                        add(rows,
                                // ALIAS_CATALOG

--- a/h2/src/test/org/h2/test/db/TestRights.java
+++ b/h2/src/test/org/h2/test/db/TestRights.java
@@ -35,6 +35,7 @@ public class TestRights extends TestBase {

    @Override
    public void test() throws SQLException {
+        testLinkedTableMeta();
        testGrantMore();
        testOpenNonAdminWithMode();
        testDisallowedTables();
@@ -47,6 +48,47 @@ public class TestRights extends TestBase {
        testSchemaAdminRole();
        deleteDb("rights");
    }
+    
+    private void testLinkedTableMeta() throws SQLException {
+        deleteDb("rights");
+        Connection conn = getConnection("rights");
+        stat = conn.createStatement();
+        stat.execute("create user test password 'test'");
+        stat.execute("create linked table test" + 
+                "(null, 'jdbc:h2:mem:', 'sa', 'sa', 'DUAL')");
+        // password is invisible to non-admin
+        Connection conn2 = getConnection(
+                "rights", "test", getPassword("test"));
+        Statement stat2 = conn2.createStatement();
+        ResultSet rs = stat2.executeQuery(
+                "select * from information_schema.tables " + 
+                "where table_name = 'TEST'");
+        assertTrue(rs.next());
+        ResultSetMetaData meta = rs.getMetaData();
+        for (int i = 1; i <= meta.getColumnCount(); i++) {
+            String s = rs.getString(i);
+            assertFalse(s != null && s.indexOf("'sa'") >= 0);
+        }
+        conn2.close();
+        // password is visible to admin
+        rs = stat.executeQuery(
+                "select * from information_schema.tables " + 
+                "where table_name = 'TEST'");
+        assertTrue(rs.next());
+        meta = rs.getMetaData();
+        boolean foundPassword = false;
+        for (int i = 1; i <= meta.getColumnCount(); i++) {
+            String s = rs.getString(i);
+            if (s != null && s.indexOf("'sa'") >= 0) {
+                foundPassword = true;
+            }
+        }
+        assertTrue(foundPassword);
+        conn2.close();
+        
+        stat.execute("drop table test");
+        conn.close();
+    }

    private void testGrantMore() throws SQLException {
        deleteDb("rights");