fix password disclosure when a connection is performed to an old server

h2/src/main/org/h2/engine/ConnectionInfo.java

@@ -95,7 +95,7 @@ public class ConnectionInfo implements Cloneable {
                 "IFEXISTS", "INIT", "PASSWORD", "RECOVER", "RECOVER_TEST",
                 "USER", "AUTO_SERVER", "AUTO_SERVER_PORT", "NO_UPGRADE",
                 "AUTO_RECONNECT", "OPEN_NEW", "PAGE_SIZE", "PASSWORD_HASH", "JMX",
-                "SCOPE_GENERATED_KEYS", "AUTHREALM", "_PASSWORD" };
+                "SCOPE_GENERATED_KEYS", "AUTHREALM", "AUTHZPWD" };
         HashSet<String> set = new HashSet<>(128);
         set.addAll(SetTypes.getTypes());
         for (String key : connectionTime) {
@@ -276,7 +276,7 @@ public class ConnectionInfo implements Cloneable {
 
     private void preservePasswordForAuthentication(Object password) {
         if ((!isRemote() || isSSL()) &&  prop.containsKey("AUTHREALM") && password!=null) {
-            prop.put("_PASSWORD",password);
+            prop.put("AUTHZPWD",password);
         }
     }
     
@@ -666,6 +666,6 @@ public class ConnectionInfo implements Cloneable {
 
     public void cleanAuthenticationInfo() {
         removeProperty("AUTHREALM", false);
-        removeProperty("_PASSWORD", false);
+        removeProperty("AUTHZPWD", false);
     }
 }

h2/src/main/org/h2/security/auth/AuthenticationInfo.java

@@ -30,7 +30,7 @@ public class AuthenticationInfo {
         if (this.realm!=null) {
             this.realm=StringUtils.toUpperEnglish(this.realm);
         }
-        this.password = connectionInfo.getProperty("_PASSWORD", null);
+        this.password = connectionInfo.getProperty("AUTHZPWD", null);
     }
 
     public String getUserName() {