Commit 89dfa0e0
Authored March 28, 2014 by Thomas Mueller
Changes to prepare for version 1.4.x beta
Parent: 279d0515
Showing 10 changed files with 2017 additions and 36 deletions
h2/src/docsrc/help/help.csv (+4 -5)
h2/src/docsrc/html/advanced.html (+5 -14)
h2/src/docsrc/html/changelog.html (+2 -1)
h2/src/docsrc/html/features.html (+6 -6)
h2/src/docsrc/html/roadmap.html (+5 -5)
h2/src/main/org/h2/api/ErrorCode.java (+1988 -0)
h2/src/main/org/h2/command/Command.java (+2 -1)
h2/src/main/org/h2/command/CommandRemote.java (+1 -1)
h2/src/main/org/h2/command/Parser.java (+3 -2)
h2/src/main/org/h2/command/Prepared.java (+1 -1)
h2/src/docsrc/help/help.csv
View file @ 89dfa0e0
...
@@ -1706,10 +1706,9 @@ CASE WHEN CNT<10 THEN 'Low' ELSE 'High' END
...
@@ -1706,10 +1706,9 @@ CASE WHEN CNT<10 THEN 'Low' ELSE 'High' END
"
"
"Other Grammar","Cipher","
"Other Grammar","Cipher","
{ AES | XTEA }
AES
","
","
Two algorithms are supported: AES (""AES-128"") and XTEA (using 32 rounds).
Only the algorithm AES (""AES-128"") is supported currently.
XTEA is a bit faster than AES in some environments, but AES is more secure.
","
","
AES
AES
"
"
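Review bot: The new Cipher text "Only the algorithm AES (""AES-128"") is supported currently" reads as if XTEA is already gone, but roadmap.html in this same commit only schedules "Remove the encryption algorithm XTEA" for version 1.5.x, and none of the code hunks shown here touch cipher handling. If XTEA is still accepted in 1.4.x, document it as deprecated (for example "XTEA is deprecated and will be removed in 1.5.x; use AES") so the grammar matches what the engine accepts; if it is rejected, the changelog should say so.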
...
@@ -2914,7 +2913,7 @@ SIGN(VALUE)
...
@@ -2914,7 +2913,7 @@ SIGN(VALUE)
ENCRYPT(algorithmString, keyBytes, dataBytes)
ENCRYPT(algorithmString, keyBytes, dataBytes)
","
","
Encrypts data using a key.
Encrypts data using a key.
Supported algorithms are XTEA and
AES.
The supported algorithm is
AES.
The block size is 16 bytes.
The block size is 16 bytes.
This method returns bytes.
This method returns bytes.
","
","
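Review bot: The ENCRYPT description now names AES without a key size, while the Cipher entry earlier in this file specifies AES as "AES-128". State the key length here too, for example "The supported algorithm is AES (AES-128)", and say how keyBytes of a different length is handled, since the example in this file passes the short key '00'. The same wording applies to DECRYPT below.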
...
@@ -2925,7 +2924,7 @@ CALL ENCRYPT('AES', '00', STRINGTOUTF8('Test'))
...
@@ -2925,7 +2924,7 @@ CALL ENCRYPT('AES', '00', STRINGTOUTF8('Test'))
DECRYPT(algorithmString, keyBytes, dataBytes)
DECRYPT(algorithmString, keyBytes, dataBytes)
","
","
Decrypts data using a key.
Decrypts data using a key.
Supported algorithms are XTEA and
AES.
The supported algorithm is
AES.
The block size is 16 bytes.
The block size is 16 bytes.
This method returns bytes.
This method returns bytes.
","
","
...
...
h2/src/docsrc/html/advanced.html
View file @ 89dfa0e0
...
@@ -1274,11 +1274,7 @@ then the iteration count is not required at all.
...
@@ -1274,11 +1274,7 @@ then the iteration count is not required at all.
<h3>
File Encryption
</h3>
<h3>
File Encryption
</h3>
<p>
<p>
The database files can be encrypted using two different algorithms: AES-128 and
The database files can be encrypted using the AES-128 algorithm.
XTEA (using 32 rounds). The reasons for supporting XTEA is performance
(XTEA is a bit faster as AES in some environments) and to have an alternative algorithm if AES is suddenly broken.
Please note that the XTEA implementation used in this database only uses 32 rounds
and not 64 rounds as recommended by its inventor (as of 2010, the best known attack is on 27 rounds).
</p><p>
</p><p>
When a user tries to connect to an encrypted database, the combination of
When a user tries to connect to an encrypted database, the combination of
<code>
file@
</code>
and the file password is hashed using SHA-256. This hash value is
<code>
file@
</code>
and the file password is hashed using SHA-256. This hash value is
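Review bot: The paragraph removed from the File Encryption section carried the warning that the XTEA implementation uses 32 rounds rather than the 64 recommended by its inventor. roadmap.html in this commit plans the removal of XTEA for 1.5.x, so databases encrypted with XTEA can still exist while this page is current; keep one sentence in this section saying that XTEA is deprecated and why, instead of dropping the caveat entirely.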
...
@@ -1290,8 +1286,8 @@ The combination of the file password hash and the salt value is hashed 1024 time
...
@@ -1290,8 +1286,8 @@ The combination of the file password hash and the salt value is hashed 1024 time
using SHA-256. The reason for the iteration is to make it harder for an attacker to
using SHA-256. The reason for the iteration is to make it harder for an attacker to
calculate hash values for common passwords.
calculate hash values for common passwords.
</p><p>
</p><p>
The resulting hash value is used as the key for the block cipher algorithm
The resulting hash value is used as the key for the block cipher algorithm
.
(AES-128 or XTEA with 32 rounds).
Then, an initialization vector (IV) key
Then, an initialization vector (IV) key
is calculated by hashing the key again using SHA-256.
is calculated by hashing the key again using SHA-256.
This is to make sure the IV is unknown to the attacker.
This is to make sure the IV is unknown to the attacker.
The reason for using a secret IV is to protect against watermark attacks.
The reason for using a secret IV is to protect against watermark attacks.
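Review bot: After this change the sentence ends at "the block cipher algorithm." and no longer names the cipher, and it still does not say how a SHA-256 result (32 bytes) becomes an AES-128 key (16 bytes). Suggest "the block cipher algorithm (AES-128)" plus a short statement of which part of the hash is used as the key.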
...
@@ -1299,7 +1295,7 @@ The reason for using a secret IV is to protect against watermark attacks.
...
@@ -1299,7 +1295,7 @@ The reason for using a secret IV is to protect against watermark attacks.
Before saving a block of data (each block is 8 bytes long), the following operations are executed:
Before saving a block of data (each block is 8 bytes long), the following operations are executed:
first, the IV is calculated by encrypting the block number with the IV key (using the same
first, the IV is calculated by encrypting the block number with the IV key (using the same
block cipher algorithm). This IV is combined with the plain text using XOR. The resulting data is
block cipher algorithm). This IV is combined with the plain text using XOR. The resulting data is
encrypted using the AES-128
or XTEA
algorithm.
encrypted using the AES-128 algorithm.
</p><p>
</p><p>
When decrypting, the operation is done in reverse. First, the block is decrypted using the key,
When decrypting, the operation is done in reverse. First, the block is decrypted using the key,
and then the IV is calculated combined with the decrypted text using XOR.
and then the IV is calculated combined with the decrypted text using XOR.
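Review bot: The unchanged context line "each block is 8 bytes long" no longer matches the rest of the paragraph: 8 bytes is the XTEA block size, while help.csv in this commit states for AES that "The block size is 16 bytes". Update the figure now that AES-128 is the only cipher described. While touching this paragraph, "the IV is calculated combined with the decrypted text" is missing an "and" (the IV is calculated and combined with the decrypted text).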
...
@@ -1315,7 +1311,7 @@ When he has write access, he can for example replace pieces of files with pieces
...
@@ -1315,7 +1311,7 @@ When he has write access, he can for example replace pieces of files with pieces
and manipulate data like this.
and manipulate data like this.
</p><p>
</p><p>
File encryption slows down the performance of the database engine. Compared to unencrypted mode,
File encryption slows down the performance of the database engine. Compared to unencrypted mode,
database operations take about 2.
2 times longer when using XTEA, and 2.
5 times longer using AES (embedded mode).
database operations take about 2.5 times longer using AES (embedded mode).
</p>
</p>
<h3>
Wrong Password / User Name Delay
</h3>
<h3>
Wrong Password / User Name Delay
</h3>
...
@@ -1717,11 +1713,6 @@ OR X = 2 OR X = 2 OR X = 2 OR X = 2 OR X = 2
...
@@ -1717,11 +1713,6 @@ OR X = 2 OR X = 2 OR X = 2 OR X = 2 OR X = 2
<a
href=
"http://java.sun.com/products/jsse/"
>
Java Secure Socket
<a
href=
"http://java.sun.com/products/jsse/"
>
Java Secure Socket
Extension (JSSE)
</a></td>
Extension (JSSE)
</a></td>
</tr>
</tr>
<tr>
<td>
XTEA
</td>
<td>
A block encryption algorithm. See also:
<a
href=
"http://en.wikipedia.org/wiki/XTEA"
>
Wikipedia: XTEA
</a></td>
</tr>
</table>
</table>
<!-- [close] { -->
</div></td></tr></table>
<!-- } --><!-- analytics -->
</body></html>
<!-- [close] { -->
</div></td></tr></table>
<!-- } --><!-- analytics -->
</body></html>
h2/src/docsrc/html/changelog.html
View file @ 89dfa0e0
...
@@ -18,7 +18,8 @@ Change Log
...
@@ -18,7 +18,8 @@ Change Log
<h1>
Change Log
</h1>
<h1>
Change Log
</h1>
<h2>
Next Version (unreleased)
</h2>
<h2>
Next Version (unreleased)
</h2>
<ul><li>
If a value of a result set was itself a result set, the result
<ul><li>
The stack trace of the exception "The object is already closed" is no longer logged by default.
</li><li>
If a value of a result set was itself a result set, the result
could only be read once.
could only be read once.
</li><li>
Column constraints are also visible in views (patch from Nicolas Fortin for H2GIS).
</li><li>
Column constraints are also visible in views (patch from Nicolas Fortin for H2GIS).
</li><li>
Granting a additional right to a role that already had a right for that table was not working.
</li><li>
Granting a additional right to a role that already had a right for that table was not working.
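Review bot: The changelog gains one entry about exception logging, but the user-visible changes in this commit are missing: ErrorCode moves from org.h2.constant to org.h2.api (see the import changes in Command.java and Prepared.java), and the documentation stops listing XTEA as a supported cipher. Add entries for both, since callers importing org.h2.constant.ErrorCode will need to update their imports if the old class is not kept. Minor: the context line "Granting a additional right" should read "an additional right".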
...
...
h2/src/docsrc/html/features.html
View file @ 89dfa0e0
...
@@ -103,7 +103,7 @@ Features
...
@@ -103,7 +103,7 @@ Features
</li><li>
Cost based optimizer, using a genetic algorithm for complex queries, zero-administration
</li><li>
Cost based optimizer, using a genetic algorithm for complex queries, zero-administration
</li><li>
Scrollable and updatable result set support, large result set, external result sorting,
</li><li>
Scrollable and updatable result set support, large result set, external result sorting,
functions can return a result set
functions can return a result set
</li><li>
Encrypted database (AES
or XTEA
), SHA-256 password encryption, encryption functions, SSL
</li><li>
Encrypted database (AES), SHA-256 password encryption, encryption functions, SSL
</li></ul>
</li></ul>
<h3>
SQL Support
</h3>
<h3>
SQL Support
</h3>
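Review bot: On the changed feature line, "SHA-256 password encryption" describes a hash function as encryption. Since the line is being edited anyway, consider "Encrypted database (AES), SHA-256 password hashing, encryption functions, SSL".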
...
@@ -130,7 +130,7 @@ Features
...
@@ -130,7 +130,7 @@ Features
(even when using insecure connections; this only applies to the TCP server and not to the H2 Console however;
(even when using insecure connections; this only applies to the TCP server and not to the H2 Console however;
it also doesn't apply if you set the password in the database URL)
it also doesn't apply if you set the password in the database URL)
</li><li>
All database files (including script files that can be used to backup data) can be
</li><li>
All database files (including script files that can be used to backup data) can be
encrypted using
AES-128 and XTEA encryption algorithms
encrypted using
the AES-128 encryption algorithm
</li><li>
The remote JDBC driver supports TCP/IP connections over SSL/TLS
</li><li>
The remote JDBC driver supports TCP/IP connections over SSL/TLS
</li><li>
The built-in web server supports connections over SSL/TLS
</li><li>
The built-in web server supports connections over SSL/TLS
</li><li>
Passwords can be sent to the database using char arrays instead of Strings
</li><li>
Passwords can be sent to the database using char arrays instead of Strings
...
@@ -497,16 +497,16 @@ This is achieved using different database URLs. Settings in the URLs are not cas
...
@@ -497,16 +497,16 @@ This is achieved using different database URLs. Settings in the URLs are not cas
<tr>
<tr>
<td><a
href=
"#file_encryption"
>
Using encrypted files
</a></td>
<td><a
href=
"#file_encryption"
>
Using encrypted files
</a></td>
<td
class=
"notranslate"
>
<td
class=
"notranslate"
>
jdbc:h2:
<
url
>
;CIPHER=
[AES|XTEA]
<br
/>
jdbc:h2:
<
url
>
;CIPHER=
AES
<br
/>
jdbc:h2:ssl://localhost/~/test;CIPHER=AES
<br
/>
jdbc:h2:ssl://localhost/~/test;CIPHER=AES
<br
/>
jdbc:h2:file:~/secure;CIPHER=
XTEA
<br
/>
jdbc:h2:file:~/secure;CIPHER=
AES
<br
/>
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td><a
href=
"#database_file_locking"
>
File locking methods
</a></td>
<td><a
href=
"#database_file_locking"
>
File locking methods
</a></td>
<td
class=
"notranslate"
>
<td
class=
"notranslate"
>
jdbc:h2:
<
url
>
;FILE_LOCK={FILE|SOCKET|NO}
<br
/>
jdbc:h2:
<
url
>
;FILE_LOCK={FILE|SOCKET|NO}
<br
/>
jdbc:h2:file:~/private;CIPHER=
XTEA
;FILE_LOCK=SOCKET
<br
/>
jdbc:h2:file:~/private;CIPHER=
AES
;FILE_LOCK=SOCKET
<br
/>
</td>
</td>
</tr>
</tr>
<tr>
<tr>
...
@@ -641,7 +641,7 @@ To keep the content of an in-memory database as long as the virtual machine is a
...
@@ -641,7 +641,7 @@ To keep the content of an in-memory database as long as the virtual machine is a
<h2
id=
"file_encryption"
>
Database Files Encryption
</h2>
<h2
id=
"file_encryption"
>
Database Files Encryption
</h2>
<p>
<p>
The database files can be encrypted. Two encryption algorithm
s are supported: AES and XTEA
.
The database files can be encrypted. Two encryption algorithm
AES is supported
.
To use file encryption, you need to specify the encryption algorithm (the 'cipher')
To use file encryption, you need to specify the encryption algorithm (the 'cipher')
and the file password (in addition to the user password) when connecting to the database.
and the file password (in addition to the user password) when connecting to the database.
</p>
</p>
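Review bot: As rendered here, the new sentence reads "Two encryption algorithm AES is supported.", which keeps the leading "Two" from the old wording. Suggest "The encryption algorithm AES is supported." or, matching advanced.html, "The database files can be encrypted using the AES-128 algorithm."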
...
...
h2/src/docsrc/html/roadmap.html
View file @ 89dfa0e0
...
@@ -24,6 +24,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
...
@@ -24,6 +24,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
<h2>
Version 1.5.x: Planned Changes
</h2>
<h2>
Version 1.5.x: Planned Changes
</h2>
<ul><li>
Replace file password hash with file encryption key; validate encryption key when connecting.
<ul><li>
Replace file password hash with file encryption key; validate encryption key when connecting.
</li><li>
Remove the encryption algorithm XTEA.
</li></ul>
</li></ul>
<h2>
Version 1.4.x: Planned Changes
</h2>
<h2>
Version 1.4.x: Planned Changes
</h2>
...
@@ -31,16 +32,15 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
...
@@ -31,16 +32,15 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>
Enable the new storage format for dates (system property "h2.storeLocalTime").
</li><li>
Enable the new storage format for dates (system property "h2.storeLocalTime").
Document time literals: between minus 2 million and 2 million hours with nanosecond resolution.
Document time literals: between minus 2 million and 2 million hours with nanosecond resolution.
</li><li>
Remove the old connection pool logic (system property "h2.fastConnectionPool").
</li><li>
Remove the old connection pool logic (system property "h2.fastConnectionPool").
</li><li>
Enable "h2.modifyOnWrite"
.
</li><li>
Disable implicit relative paths (system property "h2.implicitRelativePath")
.
</li><li>
Enable Mode.supportOffsetFetch by default, so that "select 1 fetch first 1 row only" works.
</li><li>
Enable Mode.supportOffsetFetch by default, so that "select 1 fetch first 1 row only" works.
</li><li>
Whether byte arrays should be sorted in unsigned mode
(old behavior: x'99' is smaller than x'09').
(System property "h2.sortBinaryUnsigned", Mode.binaryUnsigned).
</li><li>
The default user name should be an empty string and not "sa".
</li><li>
The default user name should be an empty string and not "sa".
</li><li>
Deprecate Csv.getInstance() (use the public constructor instead).
</li><li>
Deprecate Csv.getInstance() (use the public constructor instead).
</li><li>
Move ErrorCode class to org.h2.api.
</li><li>
Deprecate the encryption algorithm XTEA.
</li><li>
Sort order for byte arrays: currently x'99' is smaller than x'09', which is unexpected. Change if possible.
</li><li>
Remove support for the old-style outer join syntax using "(+)" because it is buggy.
</li><li>
Remove support for the old-style outer join syntax using "(+)" because it is buggy.
</li><li>
Change license to MPL 2.0.
</li><li>
Change license to MPL 2.0.
</li><li>
Not allow relative database URLs like jdbc:h2:test; instead, require using jdbc:h2:./test.
</li><li>
Document that FILE_LOCK=SERIALIZED is not supported with the MVStore mode.
</li><li>
Document that FILE_LOCK=SERIALIZED is not supported with the MVStore mode.
</li></ul>
</li></ul>
...
...
h2/src/main/org/h2/api/ErrorCode.java
0 → 100644
View file @ 89dfa0e0
Diff collapsed.
h2/src/main/org/h2/command/Command.java
View file @ 89dfa0e0
...
@@ -8,7 +8,8 @@ package org.h2.command;
...
@@ -8,7 +8,8 @@ package org.h2.command;
import
java.sql.SQLException
;
import
java.sql.SQLException
;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
org.h2.constant.ErrorCode
;
import
org.h2.api.ErrorCode
;
import
org.h2.engine.Constants
;
import
org.h2.engine.Constants
;
import
org.h2.engine.Database
;
import
org.h2.engine.Database
;
import
org.h2.engine.Session
;
import
org.h2.engine.Session
;
...
...
h2/src/main/org/h2/command/CommandRemote.java
View file @ 89dfa0e0
...
@@ -8,8 +8,8 @@ package org.h2.command;
...
@@ -8,8 +8,8 @@ package org.h2.command;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
org.h2.constant.SysProperties
;
import
org.h2.engine.SessionRemote
;
import
org.h2.engine.SessionRemote
;
import
org.h2.engine.SysProperties
;
import
org.h2.expression.ParameterInterface
;
import
org.h2.expression.ParameterInterface
;
import
org.h2.expression.ParameterRemote
;
import
org.h2.expression.ParameterRemote
;
import
org.h2.message.DbException
;
import
org.h2.message.DbException
;
...
...
h2/src/main/org/h2/command/Parser.java
View file @ 89dfa0e0
...
@@ -15,6 +15,8 @@ import java.nio.charset.Charset;
...
@@ -15,6 +15,8 @@ import java.nio.charset.Charset;
import
java.text.Collator
;
import
java.text.Collator
;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
java.util.HashSet
;
import
java.util.HashSet
;
import
org.h2.api.ErrorCode
;
import
org.h2.api.Trigger
;
import
org.h2.api.Trigger
;
import
org.h2.command.ddl.AlterIndexRename
;
import
org.h2.command.ddl.AlterIndexRename
;
import
org.h2.command.ddl.AlterSchemaRename
;
import
org.h2.command.ddl.AlterSchemaRename
;
...
@@ -80,7 +82,6 @@ import org.h2.command.dml.Set;
...
@@ -80,7 +82,6 @@ import org.h2.command.dml.Set;
import
org.h2.command.dml.SetTypes
;
import
org.h2.command.dml.SetTypes
;
import
org.h2.command.dml.TransactionCommand
;
import
org.h2.command.dml.TransactionCommand
;
import
org.h2.command.dml.Update
;
import
org.h2.command.dml.Update
;
import
org.h2.constant.ErrorCode
;
import
org.h2.constraint.ConstraintReferential
;
import
org.h2.constraint.ConstraintReferential
;
import
org.h2.engine.Constants
;
import
org.h2.engine.Constants
;
import
org.h2.engine.Database
;
import
org.h2.engine.Database
;
...
@@ -180,7 +181,7 @@ public class Parser {
...
@@ -180,7 +181,7 @@ public class Parser {
private
final
Database
database
;
private
final
Database
database
;
private
final
Session
session
;
private
final
Session
session
;
/**
/**
* @see org.h2.
constant
.DbSettings#databaseToUpper
* @see org.h2.
engine
.DbSettings#databaseToUpper
*/
*/
private
final
boolean
identifiersToUpper
;
private
final
boolean
identifiersToUpper
;
...
...
h2/src/main/org/h2/command/Prepared.java
View file @ 89dfa0e0
...
@@ -8,7 +8,7 @@ package org.h2.command;
...
@@ -8,7 +8,7 @@ package org.h2.command;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
org.h2.api.DatabaseEventListener
;
import
org.h2.api.DatabaseEventListener
;
import
org.h2.
constant
.ErrorCode
;
import
org.h2.
api
.ErrorCode
;
import
org.h2.engine.Database
;
import
org.h2.engine.Database
;
import
org.h2.engine.Session
;
import
org.h2.engine.Session
;
import
org.h2.expression.Expression
;
import
org.h2.expression.Expression
;
...
...