提交 a4d53d18 authored 作者: Thomas Mueller's avatar Thomas Mueller

Documentation.

上级 94504a09
......@@ -18,7 +18,19 @@ Change Log
<h1>Change Log</h1>
<h2>Next Version (unreleased)</h2>
<ul><li>CREATE FORCE VIEW didn't work in most cases if a referenced table didn't exist.
<ul><li>Password hash: in addition to connecting with the plain text password,
H2 now supports connecting with the password hash.
Like this you don't have to store plain text passwords in config files.
For details, see the documentation at Advanced / Password Hash.
</li><li>Lucene 3.x support was added in the source code, however it is not yet enabled by default
and is not yet supported when using the default h2 jar file. To enable Lucene 3.x support,
the source code of H2 needs to be switched using <code>./build.sh -Dlucene=3 switchSource</code>,
and then re-compile. To switch the source code back use <code>./build.sh -Dlucene=2 switchSource</code> (replace
./build.sh with build.bat on Windows).
The plan is to use Lucene 3 by default in H2 version 1.3.x.
Issue 147.
</li><li>The native fulltext search could cause a Java level deadlock if searching from multiple connections concurrently.
</li><li>CREATE FORCE VIEW didn't work in most cases if a referenced table didn't exist.
</li><li>MVCC: when trying to insert two rows with the same key from two connections,
the second connection immediately threw the exception "Unique index or primary key violation".
Instead, the second connection now waits throwing the exception until the first connection
......
......@@ -73,8 +73,6 @@ Features
Computed Columns / Function Based Index</a><br />
<a href="#multi_dimensional">
Multi-Dimensional Indexes</a><br />
<a href="#passwords">
Using Passwords</a><br />
<a href="#user_defined_functions">
User-Defined Functions and Stored Procedures</a><br />
<a href="#triggers">
......@@ -508,7 +506,7 @@ This is achieved using different database URLs. Settings in the URLs are not cas
</td>
</tr>
<tr>
<td><a href="#passwords">User name and/or password</a></td>
<td><a href="advanced.html#passwords">User name and/or password</a></td>
<td class="notranslate">
jdbc:h2:&lt;url&gt;[;USER=&lt;username&gt;][;PASSWORD=&lt;value&gt;]<br />
jdbc:h2:file:~/sample;USER=sa;PASSWORD=123<br />
......@@ -1370,78 +1368,6 @@ For an example how to use the tool, please have a look at the sample code provid
in <code>TestMultiDimension.java</code>.
</p>
<h2 id="passwords">Using Passwords</h2>
<h3>Using Secure Passwords</h3>
<p>
Remember that weak passwords can be broken regardless of the encryption and security protocols.
Don't use passwords that can be found in a dictionary. Also appending numbers does not make them
secure. A way to create good passwords that can be remembered is, take the first
letters of a sentence, use upper and lower case characters, and creatively include special characters.
Example:
</p><p>
<code>i'sE2rtPiUKtT</code> from the sentence <code>it's easy to remember this password if you know the trick</code>.
</p>
<h3>Passwords: Using Char Arrays instead of Strings</h3>
<p>
Java strings are immutable objects and cannot be safely 'destroyed' by the application.
After creating a string, it will remain in the main memory of the computer at least
until it is garbage collected. The garbage collection cannot be controlled by the application,
and even if it is garbage collected the data may still remain in memory.
It might also be possible that the part of memory containing the password
is swapped to disk (because not enough main memory is available).
</p><p>
An attacker might have access to the swap file of the operating system.
It is therefore a good idea to use char arrays instead of strings to store passwords.
Char arrays can be cleared (filled with zeros) after use, and therefore the
password will not be stored in the swap file.
</p><p>
This database supports using char arrays instead of string to pass user and file passwords.
The following code can be used to do that:
</p>
<pre>
import java.sql.*;
import java.util.*;
public class Test {
public static void main(String[] args) throws Exception {
Class.forName("org.h2.Driver");
String url = "jdbc:h2:~/test";
Properties prop = new Properties();
prop.setProperty("user", "sa");
System.out.print("Password?");
char[] password = System.console().readPassword();
prop.put("password", password);
Connection conn = null;
try {
conn = DriverManager.getConnection(url, prop);
} finally {
Arrays.fill(password, (char) 0);
}
conn.close();
}
}
</pre>
<p>
This example requires Java 1.6.
When using Swing, use <code>javax.swing.JPasswordField</code>.
</p>
<h3>Passing the User Name and/or Password in the URL</h3>
<p>
Instead of passing the user name as a separate parameter as in
<code>
Connection conn = DriverManager.
getConnection("jdbc:h2:~/test", "sa", "123");
</code>
the user name (and/or password) can be supplied in the URL itself:
<code>
Connection conn = DriverManager.
getConnection("jdbc:h2:~/test;USER=sa;PASSWORD=123");
</code>
The settings in the URL override the settings passed as a separate parameter.
</p>
<h2 id="user_defined_functions">User-Defined Functions and Stored Procedures</h2>
<p>
In addition to the built-in functions, this database supports user-defined Java functions.
......
......@@ -38,6 +38,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>Disable h2.databaseToUpper (database short names are converted to uppercase).
</li><li>Enable h2.dropRestrict (default action for DROP is RESTRICT).
Change documentation.
</li><li>Use Lucene 3 by default.
</li></ul>
<h2>Priority 1</h2>
......@@ -516,6 +517,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>Common Table Expression (CTE): support multiple named queries. Issue 220.
</li><li>Common Table Expression (CTE): identifier scope may be incorrect. Issue 222.
</li><li>If a database object was not found in the current schema, but one with the same name existed in another schema, included that in the error message.
</li><li>Optimization to use an index for OR when using multiple keys: where (key1 = ? and key2 = ?) OR (key1 = ? and key2 = ?)
</li></ul>
<h2>Not Planned</h2>
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -44,9 +44,13 @@ public class SwitchSource {
} else if ("-version".equals(a)) {
version = args[++i];
} else if (a.startsWith("-")) {
disable.add(a.substring(1));
String x = a.substring(1);
disable.add(x);
enable.remove(x);
} else if (a.startsWith("+")) {
enable.add(a.substring(1));
String x = a.substring(1);
enable.add(x);
disable.remove(x);
} else {
showUsage();
return;
......
......@@ -654,3 +654,5 @@ stacked unable seeking underflow violations evaluates repeats minimalistic
licensing appreciate textbook diligence undergraduate afaik mathematics chris
arrangements bugfix premain longs majority crashing behaving inst inventor
javaagent park accurately adopt consists night equally enhance enhanced
skiing honor marketing sleeping dlucene timezones shifted analyzed insists
train joining bilingual existed
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论