Commit 89dfa0e0 authored by Thomas Mueller

Changes to prepare for version 1.4.x beta

Parent 279d0515
...@@ -1706,10 +1706,9 @@ CASE WHEN CNT<10 THEN 'Low' ELSE 'High' END ...@@ -1706,10 +1706,9 @@ CASE WHEN CNT<10 THEN 'Low' ELSE 'High' END
" "
"Other Grammar","Cipher"," "Other Grammar","Cipher","
{ AES | XTEA } AES
"," ","
Two algorithms are supported: AES (""AES-128"") and XTEA (using 32 rounds). Only the algorithm AES (""AES-128"") is supported currently.
XTEA is a bit faster than AES in some environments, but AES is more secure.
"," ","
AES AES
" "
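Review bot: the new help text "Only the algorithm AES (""AES-128"") is supported currently." is vague for reference documentation; "currently" leaves the reader guessing what else is or was accepted. Since the roadmap touched in this same commit lists deprecating XTEA in 1.4.x and removing it in 1.5.x, say plainly that XTEA is deprecated and whether it is still accepted for existing databases, or drop "currently" altogether.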
...@@ -2914,7 +2913,7 @@ SIGN(VALUE) ...@@ -2914,7 +2913,7 @@ SIGN(VALUE)
ENCRYPT(algorithmString, keyBytes, dataBytes) ENCRYPT(algorithmString, keyBytes, dataBytes)
"," ","
Encrypts data using a key. Encrypts data using a key.
Supported algorithms are XTEA and AES. The supported algorithm is AES.
The block size is 16 bytes. The block size is 16 bytes.
This method returns bytes. This method returns bytes.
"," ","
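Review bot: with XTEA gone, "The supported algorithm is AES." could also state the expected length of keyBytes. The Cipher entry above calls the algorithm AES-128, which implies a 16-byte key, yet the example in the following hunk header passes a single byte ('00'); document whether a shorter or longer key is padded, truncated, or rejected so callers do not rely on undocumented behaviour.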
...@@ -2925,7 +2924,7 @@ CALL ENCRYPT('AES', '00', STRINGTOUTF8('Test')) ...@@ -2925,7 +2924,7 @@ CALL ENCRYPT('AES', '00', STRINGTOUTF8('Test'))
DECRYPT(algorithmString, keyBytes, dataBytes) DECRYPT(algorithmString, keyBytes, dataBytes)
"," ","
Decrypts data using a key. Decrypts data using a key.
Supported algorithms are XTEA and AES. The supported algorithm is AES.
The block size is 16 bytes. The block size is 16 bytes.
This method returns bytes. This method returns bytes.
"," ","
......
...@@ -1274,11 +1274,7 @@ then the iteration count is not required at all. ...@@ -1274,11 +1274,7 @@ then the iteration count is not required at all.
<h3>File Encryption</h3> <h3>File Encryption</h3>
<p> <p>
The database files can be encrypted using two different algorithms: AES-128 and The database files can be encrypted using the AES-128 algorithm.
XTEA (using 32 rounds). The reasons for supporting XTEA is performance
(XTEA is a bit faster as AES in some environments) and to have an alternative algorithm if AES is suddenly broken.
Please note that the XTEA implementation used in this database only uses 32 rounds
and not 64 rounds as recommended by its inventor (as of 2010, the best known attack is on 27 rounds).
</p><p> </p><p>
When a user tries to connect to an encrypted database, the combination of When a user tries to connect to an encrypted database, the combination of
<code>file@</code> and the file password is hashed using SHA-256. This hash value is <code>file@</code> and the file password is hashed using SHA-256. This hash value is
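Review bot: the rewritten paragraph removes every mention of XTEA, but the roadmap changed in this same commit only deprecates XTEA in 1.4.x and removes it in 1.5.x. Users who already have XTEA-encrypted files need to know whether those databases still open and how to move them to AES (for example by re-creating the database with CIPHER=AES); add a sentence here or an entry in the change log.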
...@@ -1290,8 +1286,8 @@ The combination of the file password hash and the salt value is hashed 1024 time ...@@ -1290,8 +1286,8 @@ The combination of the file password hash and the salt value is hashed 1024 time
using SHA-256. The reason for the iteration is to make it harder for an attacker to using SHA-256. The reason for the iteration is to make it harder for an attacker to
calculate hash values for common passwords. calculate hash values for common passwords.
</p><p> </p><p>
The resulting hash value is used as the key for the block cipher algorithm The resulting hash value is used as the key for the block cipher algorithm.
(AES-128 or XTEA with 32 rounds). Then, an initialization vector (IV) key Then, an initialization vector (IV) key
is calculated by hashing the key again using SHA-256. is calculated by hashing the key again using SHA-256.
This is to make sure the IV is unknown to the attacker. This is to make sure the IV is unknown to the attacker.
The reason for using a secret IV is to protect against watermark attacks. The reason for using a secret IV is to protect against watermark attacks.
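Review bot: "The resulting hash value is used as the key for the block cipher algorithm." now leaves a gap that matters more with a single cipher: SHA-256 produces 32 bytes, while AES-128 takes a 16-byte key. State which part of the hash is used as the key (or that it is truncated), so the documented key derivation can be checked against the implementation.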
...@@ -1299,7 +1295,7 @@ The reason for using a secret IV is to protect against watermark attacks. ...@@ -1299,7 +1295,7 @@ The reason for using a secret IV is to protect against watermark attacks.
Before saving a block of data (each block is 8 bytes long), the following operations are executed: Before saving a block of data (each block is 8 bytes long), the following operations are executed:
first, the IV is calculated by encrypting the block number with the IV key (using the same first, the IV is calculated by encrypting the block number with the IV key (using the same
block cipher algorithm). This IV is combined with the plain text using XOR. The resulting data is block cipher algorithm). This IV is combined with the plain text using XOR. The resulting data is
encrypted using the AES-128 or XTEA algorithm. encrypted using the AES-128 algorithm.
</p><p> </p><p>
When decrypting, the operation is done in reverse. First, the block is decrypted using the key, When decrypting, the operation is done in reverse. First, the block is decrypted using the key,
and then the IV is calculated combined with the decrypted text using XOR. and then the IV is calculated combined with the decrypted text using XOR.
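Review bot: the first line of this hunk still says "each block is 8 bytes long", which matched XTEA's block size, while the ENCRYPT and DECRYPT entries in help.csv in this same commit say the block size is 16 bytes, as expected for AES. Check which value the file encryption code actually uses and make the two documents agree.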
...@@ -1315,7 +1311,7 @@ When he has write access, he can for example replace pieces of files with pieces ...@@ -1315,7 +1311,7 @@ When he has write access, he can for example replace pieces of files with pieces
and manipulate data like this. and manipulate data like this.
</p><p> </p><p>
File encryption slows down the performance of the database engine. Compared to unencrypted mode, File encryption slows down the performance of the database engine. Compared to unencrypted mode,
database operations take about 2.2 times longer when using XTEA, and 2.5 times longer using AES (embedded mode). database operations take about 2.5 times longer using AES (embedded mode).
</p> </p>
<h3>Wrong Password / User Name Delay</h3> <h3>Wrong Password / User Name Delay</h3>
...@@ -1717,11 +1713,6 @@ OR X = 2 OR X = 2 OR X = 2 OR X = 2 OR X = 2 ...@@ -1717,11 +1713,6 @@ OR X = 2 OR X = 2 OR X = 2 OR X = 2 OR X = 2
<a href="http://java.sun.com/products/jsse/">Java Secure Socket <a href="http://java.sun.com/products/jsse/">Java Secure Socket
Extension (JSSE)</a></td> Extension (JSSE)</a></td>
</tr> </tr>
<tr>
<td>XTEA</td>
<td>A block encryption algorithm. See also: <a
href="http://en.wikipedia.org/wiki/XTEA">Wikipedia: XTEA</a></td>
</tr>
</table> </table>
<!-- [close] { --></div></td></tr></table><!-- } --><!-- analytics --></body></html> <!-- [close] { --></div></td></tr></table><!-- } --><!-- analytics --></body></html>
...@@ -18,7 +18,8 @@ Change Log ...@@ -18,7 +18,8 @@ Change Log
<h1>Change Log</h1> <h1>Change Log</h1>
<h2>Next Version (unreleased)</h2> <h2>Next Version (unreleased)</h2>
<ul><li>If a value of a result set was itself a result set, the result <ul><li>The stack trace of the exception "The object is already closed" is no longer logged by default.
</li><li>If a value of a result set was itself a result set, the result
could only be read once. could only be read once.
</li><li>Column constraints are also visible in views (patch from Nicolas Fortin for H2GIS). </li><li>Column constraints are also visible in views (patch from Nicolas Fortin for H2GIS).
</li><li>Granting a additional right to a role that already had a right for that table was not working. </li><li>Granting a additional right to a role that already had a right for that table was not working.
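Review bot: the change log gains the entry about the "The object is already closed" stack trace but nothing about the cipher change, although this commit removes XTEA from the documented grammar, the URL examples and the glossary. Add an entry (for example "The encryption algorithm XTEA is deprecated; only AES is documented") so the change is visible to users reading the change log. The unchanged context line "Granting a additional right" also has a typo ("an additional").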
......
...@@ -103,7 +103,7 @@ Features ...@@ -103,7 +103,7 @@ Features
</li><li>Cost based optimizer, using a genetic algorithm for complex queries, zero-administration </li><li>Cost based optimizer, using a genetic algorithm for complex queries, zero-administration
</li><li>Scrollable and updatable result set support, large result set, external result sorting, </li><li>Scrollable and updatable result set support, large result set, external result sorting,
functions can return a result set functions can return a result set
</li><li>Encrypted database (AES or XTEA), SHA-256 password encryption, encryption functions, SSL </li><li>Encrypted database (AES), SHA-256 password encryption, encryption functions, SSL
</li></ul> </li></ul>
<h3>SQL Support</h3> <h3>SQL Support</h3>
...@@ -130,7 +130,7 @@ Features ...@@ -130,7 +130,7 @@ Features
(even when using insecure connections; this only applies to the TCP server and not to the H2 Console however; (even when using insecure connections; this only applies to the TCP server and not to the H2 Console however;
it also doesn't apply if you set the password in the database URL) it also doesn't apply if you set the password in the database URL)
</li><li>All database files (including script files that can be used to backup data) can be </li><li>All database files (including script files that can be used to backup data) can be
encrypted using AES-128 and XTEA encryption algorithms encrypted using the AES-128 encryption algorithm
</li><li>The remote JDBC driver supports TCP/IP connections over SSL/TLS </li><li>The remote JDBC driver supports TCP/IP connections over SSL/TLS
</li><li>The built-in web server supports connections over SSL/TLS </li><li>The built-in web server supports connections over SSL/TLS
</li><li>Passwords can be sent to the database using char arrays instead of Strings </li><li>Passwords can be sent to the database using char arrays instead of Strings
...@@ -497,16 +497,16 @@ This is achieved using different database URLs. Settings in the URLs are not cas ...@@ -497,16 +497,16 @@ This is achieved using different database URLs. Settings in the URLs are not cas
<tr> <tr>
<td><a href="#file_encryption">Using encrypted files</a></td> <td><a href="#file_encryption">Using encrypted files</a></td>
<td class="notranslate"> <td class="notranslate">
jdbc:h2:&lt;url&gt;;CIPHER=[AES|XTEA]<br /> jdbc:h2:&lt;url&gt;;CIPHER=AES<br />
jdbc:h2:ssl://localhost/~/test;CIPHER=AES<br /> jdbc:h2:ssl://localhost/~/test;CIPHER=AES<br />
jdbc:h2:file:~/secure;CIPHER=XTEA<br /> jdbc:h2:file:~/secure;CIPHER=AES<br />
</td> </td>
</tr> </tr>
<tr> <tr>
<td><a href="#database_file_locking">File locking methods</a></td> <td><a href="#database_file_locking">File locking methods</a></td>
<td class="notranslate"> <td class="notranslate">
jdbc:h2:&lt;url&gt;;FILE_LOCK={FILE|SOCKET|NO}<br /> jdbc:h2:&lt;url&gt;;FILE_LOCK={FILE|SOCKET|NO}<br />
jdbc:h2:file:~/private;CIPHER=XTEA;FILE_LOCK=SOCKET<br /> jdbc:h2:file:~/private;CIPHER=AES;FILE_LOCK=SOCKET<br />
</td> </td>
</tr> </tr>
<tr> <tr>
...@@ -641,7 +641,7 @@ To keep the content of an in-memory database as long as the virtual machine is a ...@@ -641,7 +641,7 @@ To keep the content of an in-memory database as long as the virtual machine is a
<h2 id="file_encryption">Database Files Encryption</h2> <h2 id="file_encryption">Database Files Encryption</h2>
<p> <p>
The database files can be encrypted. Two encryption algorithms are supported: AES and XTEA. The database files can be encrypted. Two encryption algorithm AES is supported.
To use file encryption, you need to specify the encryption algorithm (the 'cipher') To use file encryption, you need to specify the encryption algorithm (the 'cipher')
and the file password (in addition to the user password) when connecting to the database. and the file password (in addition to the user password) when connecting to the database.
</p> </p>
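Review bot: the replacement sentence "Two encryption algorithm AES is supported." is ungrammatical, a leftover from editing "Two encryption algorithms are supported: AES and XTEA." Suggest "The encryption algorithm AES is supported." or "Only the AES encryption algorithm is supported."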
......
...@@ -24,6 +24,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>. ...@@ -24,6 +24,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
<h2>Version 1.5.x: Planned Changes</h2> <h2>Version 1.5.x: Planned Changes</h2>
<ul><li>Replace file password hash with file encryption key; validate encryption key when connecting. <ul><li>Replace file password hash with file encryption key; validate encryption key when connecting.
</li><li>Remove the encryption algorithm XTEA.
</li></ul> </li></ul>
<h2>Version 1.4.x: Planned Changes</h2> <h2>Version 1.4.x: Planned Changes</h2>
...@@ -31,16 +32,15 @@ See also <a href="build.html#providing_patches">Providing Patches</a>. ...@@ -31,16 +32,15 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>Enable the new storage format for dates (system property "h2.storeLocalTime"). </li><li>Enable the new storage format for dates (system property "h2.storeLocalTime").
Document time literals: between minus 2 million and 2 million hours with nanosecond resolution. Document time literals: between minus 2 million and 2 million hours with nanosecond resolution.
</li><li>Remove the old connection pool logic (system property "h2.fastConnectionPool"). </li><li>Remove the old connection pool logic (system property "h2.fastConnectionPool").
</li><li>Enable "h2.modifyOnWrite". </li><li>Disable implicit relative paths (system property "h2.implicitRelativePath").
</li><li>Enable Mode.supportOffsetFetch by default, so that "select 1 fetch first 1 row only" works. </li><li>Enable Mode.supportOffsetFetch by default, so that "select 1 fetch first 1 row only" works.
</li><li>Whether byte arrays should be sorted in unsigned mode
(old behavior: x'99' is smaller than x'09').
(System property "h2.sortBinaryUnsigned", Mode.binaryUnsigned).
</li><li>The default user name should be an empty string and not "sa". </li><li>The default user name should be an empty string and not "sa".
</li><li>Deprecate Csv.getInstance() (use the public constructor instead). </li><li>Deprecate Csv.getInstance() (use the public constructor instead).
</li><li>Move ErrorCode class to org.h2.api.
</li><li>Deprecate the encryption algorithm XTEA.
</li><li>Sort order for byte arrays: currently x'99' is smaller than x'09', which is unexpected. Change if possible.
</li><li>Remove support for the old-style outer join syntax using "(+)" because it is buggy. </li><li>Remove support for the old-style outer join syntax using "(+)" because it is buggy.
</li><li>Change license to MPL 2.0. </li><li>Change license to MPL 2.0.
</li><li>Not allow relative database URLs like jdbc:h2:test; instead, require using jdbc:h2:./test.
</li><li>Document that FILE_LOCK=SERIALIZED is not supported with the MVStore mode. </li><li>Document that FILE_LOCK=SERIALIZED is not supported with the MVStore mode.
</li></ul> </li></ul>
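Review bot: two of the added roadmap items overlap or are already done. "Move ErrorCode class to org.h2.api." is implemented by the import changes further down in this same commit (org.h2.constant.ErrorCode becomes org.h2.api.ErrorCode), so it belongs in the change log rather than under planned changes; and "Disable implicit relative paths (system property "h2.implicitRelativePath")." and "Not allow relative database URLs like jdbc:h2:test; instead, require using jdbc:h2:./test." describe the same change and should be merged into one item. The removed item "Enable "h2.modifyOnWrite"." disappears without a replacement; confirm it was done or dropped deliberately.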
......
Diff collapsed.
...@@ -8,7 +8,8 @@ package org.h2.command; ...@@ -8,7 +8,8 @@ package org.h2.command;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.ArrayList; import java.util.ArrayList;
import org.h2.constant.ErrorCode;
import org.h2.api.ErrorCode;
import org.h2.engine.Constants; import org.h2.engine.Constants;
import org.h2.engine.Database; import org.h2.engine.Database;
import org.h2.engine.Session; import org.h2.engine.Session;
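Review bot: moving ErrorCode from org.h2.constant to org.h2.api puts the error codes into the public API package, and applications that import org.h2.constant.ErrorCode will no longer compile unless the old class is kept as a deprecated alias; either keep it or flag the change as incompatible in the change log. The class move itself sits in the collapsed diff above and could not be reviewed here.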
......
...@@ -8,8 +8,8 @@ package org.h2.command; ...@@ -8,8 +8,8 @@ package org.h2.command;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import org.h2.constant.SysProperties;
import org.h2.engine.SessionRemote; import org.h2.engine.SessionRemote;
import org.h2.engine.SysProperties;
import org.h2.expression.ParameterInterface; import org.h2.expression.ParameterInterface;
import org.h2.expression.ParameterRemote; import org.h2.expression.ParameterRemote;
import org.h2.message.DbException; import org.h2.message.DbException;
......
...@@ -15,6 +15,8 @@ import java.nio.charset.Charset; ...@@ -15,6 +15,8 @@ import java.nio.charset.Charset;
import java.text.Collator; import java.text.Collator;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
import org.h2.api.ErrorCode;
import org.h2.api.Trigger; import org.h2.api.Trigger;
import org.h2.command.ddl.AlterIndexRename; import org.h2.command.ddl.AlterIndexRename;
import org.h2.command.ddl.AlterSchemaRename; import org.h2.command.ddl.AlterSchemaRename;
...@@ -80,7 +82,6 @@ import org.h2.command.dml.Set; ...@@ -80,7 +82,6 @@ import org.h2.command.dml.Set;
import org.h2.command.dml.SetTypes; import org.h2.command.dml.SetTypes;
import org.h2.command.dml.TransactionCommand; import org.h2.command.dml.TransactionCommand;
import org.h2.command.dml.Update; import org.h2.command.dml.Update;
import org.h2.constant.ErrorCode;
import org.h2.constraint.ConstraintReferential; import org.h2.constraint.ConstraintReferential;
import org.h2.engine.Constants; import org.h2.engine.Constants;
import org.h2.engine.Database; import org.h2.engine.Database;
...@@ -180,7 +181,7 @@ public class Parser { ...@@ -180,7 +181,7 @@ public class Parser {
private final Database database; private final Database database;
private final Session session; private final Session session;
/** /**
* @see org.h2.constant.DbSettings#databaseToUpper * @see org.h2.engine.DbSettings#databaseToUpper
*/ */
private final boolean identifiersToUpper; private final boolean identifiersToUpper;
......
...@@ -8,7 +8,7 @@ package org.h2.command; ...@@ -8,7 +8,7 @@ package org.h2.command;
import java.util.ArrayList; import java.util.ArrayList;
import org.h2.api.DatabaseEventListener; import org.h2.api.DatabaseEventListener;
import org.h2.constant.ErrorCode; import org.h2.api.ErrorCode;
import org.h2.engine.Database; import org.h2.engine.Database;
import org.h2.engine.Session; import org.h2.engine.Session;
import org.h2.expression.Expression; import org.h2.expression.Expression;
......