提交 806d03db authored 作者: Thomas Mueller's avatar Thomas Mueller

--no commit message

--no commit message
上级 927afe2d
......@@ -497,6 +497,7 @@ database files, if they do not have a direct TCP/IP connection.
<h2>Protection against SQL Injection</h2>
<h3>What is SQL Injection</h3>
This database engine provides a solution for the security vulnerability known as 'SQL Injection'.
Here is a short description of what SQL injection means.
Some applications build SQL statements with embedded user input such as:
<pre>
String sql = "SELECT * FROM USERS WHERE PASSWORD='"+pwd+"'";
......
......@@ -90,27 +90,27 @@ Features
<h3>SQL Support</h3>
<ul>
<li>Compatibility modes for HSQLDB, MySQL and PostgreSQL
</li><li>Support for multiple schemas, information schema
<li>Support for multiple schemas, information schema
</li><li>Referential integrity / foreign key constraints with cascade, check constraints
</li><li>Inner and outer joins, subqueries, read only views and inline views
</li><li>Triggers and Java functions / stored procedures
</li><li>Many built-in functions, including XML and lossless data compression
</li><li>Wide range of data types including large objects (BLOB/CLOB)
</li><li>Wide range of data types including large objects (BLOB/CLOB) and arrays
</li><li>Sequence and autoincrement columns, computed columns (can be used for function based indexes)
</li><li>ORDER BY, GROUP BY, HAVING, UNION, LIMIT, TOP
</li><li>Collation support, Users, Roles
</li><li>Collation support, users, roles
</li><li>Compatibility modes for HSQLDB, MySQL and PostgreSQL
</li></ul>
<h3>Security Features</h3>
<ul>
<li>User password authenticated uses SHA-256 and salt
<li>Includes a solution for the SQL injection problem
</li><li>User password authenticated uses SHA-256 and salt
</li><li>User passwords are never transmitted in plain text over the network (even when using insecure connections)
</li><li>All database files (including script files that can be used to backup data) can be encrypted using AES-256 and XTEA encryption algorithms
</li><li>The remote JDBC driver supports TCP/IP connections over SSL/TLS
</li><li>The built-in web server supports connections over SSL/TLS
</li><li>Passwords can be sent to the database using char arrays instead of Strings
</li><li>Includes a solution for the SQL injection problem
</li></ul>
<h3>Other Features and Tools</h3>
......@@ -118,7 +118,7 @@ Features
<li>Small footprint (smaller than 1 MB), low memory requirements
</li><li>Multiple index types (b-tree, tree, hash, linear hash)
</li><li>Support for multi-dimensional indexes
</li><li>CSV file support
</li><li>CSV (comma separated values) file support
</li><li>Support for linked tables, and a built-in virtual 'range' table
</li><li>EXPLAIN PLAN support, sophisticated trace options
</li><li>Database closing can be delayed or disabled to improve the performance
......
......@@ -36,6 +36,15 @@ Hypersonic SQL or HSQLDB. H2 is built from scratch.
<h3>Version 1.0 (Current)</h3>
<h3>Version 1.0 / 2007-TODO</h3><ul>
<li>Linked tables can now emit UPDATE statements if 'EMIT UPDATES' is specified in the CREATE LINKED
TABLE statement. So far, updating a row always deleted the old row and then inserted the new row.
</li><li>In the last release, the H2 Console opened two connection when logging into a database,
and only closed one connection when logging out. Fixed.
</li><li>New functions LEAST and GREATEST to get the smallest or largest value from a list.
</li>
</ul>
<h3>Version 1.0 / 2007-04-29 (Build 46)</h3><ul>
<li>Unnamed private in-memory database (jdbc:h2:mem:) were not 'private' as documented. Fixed.
</li><li>Autocomplete in the Console application: now the result frame scrolls to the top when the list is updated.
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论