提交 a4d53d18 authored 作者: Thomas Mueller's avatar Thomas Mueller

Documentation.

上级 94504a09
...@@ -980,10 +980,10 @@ Sometimes the database password needs to be stored in a configuration file ...@@ -980,10 +980,10 @@ Sometimes the database password needs to be stored in a configuration file
(for example in the <code>web.xml</code> file). (for example in the <code>web.xml</code> file).
In addition to connecting with the plain text password, In addition to connecting with the plain text password,
this database supports connecting with the password hash. this database supports connecting with the password hash.
This means that only the hash of the password (and not the plain text password) This means that only the hash of the password (and not the plain text password)
needs to be stored in the configuration file. needs to be stored in the configuration file.
This will only protect others from reading or re-constructing the plain text password This will only protect others from reading or re-constructing the plain text password
(even if they have access to the configuration file); (even if they have access to the configuration file);
it does not protect others from accessing the database using the password hash. it does not protect others from accessing the database using the password hash.
</p> </p>
<p> <p>
...@@ -993,7 +993,7 @@ the password with the password hash. To calculate the password hash from a plain ...@@ -993,7 +993,7 @@ the password with the password hash. To calculate the password hash from a plain
run the following command within the H2 Console tool: run the following command within the H2 Console tool:
<code>@password_hash &lt;upperCaseUserName&gt; &lt;password&gt;</code>. <code>@password_hash &lt;upperCaseUserName&gt; &lt;password&gt;</code>.
As an example, if the user name is <code>sa</code> and the password is As an example, if the user name is <code>sa</code> and the password is
<code>test</code>, run the command <code>test</code>, run the command
<code>@password_hash SA test</code>. <code>@password_hash SA test</code>.
Then use the resulting password hash as you would use the plain text password. Then use the resulting password hash as you would use the plain text password.
When using an encrypted database, then the user password and file password When using an encrypted database, then the user password and file password
...@@ -1440,7 +1440,7 @@ This database has the following known limitations: ...@@ -1440,7 +1440,7 @@ This database has the following known limitations:
<ul> <ul>
<li>Database file size limit: <li>Database file size limit:
4 TB (using the default page size of 2 KB) or higher (when using a larger page size). 4 TB (using the default page size of 2 KB) or higher (when using a larger page size).
When using the feature "h2.lobInDatabase" then this limit is including CLOB and BLOB data, When using the feature "h2.lobInDatabase" then this limit is including CLOB and BLOB data,
otherwise this limit is excluding CLOB and BLOB data, and every CLOB or BLOB can be up to 256 GB. otherwise this limit is excluding CLOB and BLOB data, and every CLOB or BLOB can be up to 256 GB.
</li><li>The maximum file size for FAT or FAT32 file systems is 4 GB. That means when using FAT or FAT32, </li><li>The maximum file size for FAT or FAT32 file systems is 4 GB. That means when using FAT or FAT32,
the limit is 4 GB for the data. This is the limitation of the file system. The database does provide a the limit is 4 GB for the data. This is the limitation of the file system. The database does provide a
......
...@@ -18,7 +18,19 @@ Change Log ...@@ -18,7 +18,19 @@ Change Log
<h1>Change Log</h1> <h1>Change Log</h1>
<h2>Next Version (unreleased)</h2> <h2>Next Version (unreleased)</h2>
<ul><li>CREATE FORCE VIEW didn't work in most cases if a referenced table didn't exist. <ul><li>Password hash: in addition to connecting with the plain text password,
H2 now supports connecting with the password hash.
Like this you don't have to store plain text passwords in config files.
For details, see the documentation at Advanced / Password Hash.
</li><li>Lucene 3.x support was added in the source code, however it is not yet enabled by default
and is not yet supported when using the default h2 jar file. To enable Lucene 3.x support,
the source code of H2 needs to be switched using <code>./build.sh -Dlucene=3 switchSource</code>,
and then re-compile. To switch the source code back use <code>./build.sh -Dlucene=2 switchSource</code> (replace
./build.sh with build.bat on Windows).
The plan is to use Lucene 3 by default in H2 version 1.3.x.
Issue 147.
</li><li>The native fulltext search could cause a Java level deadlock if searching from multiple connections concurrently.
</li><li>CREATE FORCE VIEW didn't work in most cases if a referenced table didn't exist.
</li><li>MVCC: when trying to insert two rows with the same key from two connections, </li><li>MVCC: when trying to insert two rows with the same key from two connections,
the second connection immediately threw the exception "Unique index or primary key violation". the second connection immediately threw the exception "Unique index or primary key violation".
Instead, the second connection now waits throwing the exception until the first connection Instead, the second connection now waits throwing the exception until the first connection
...@@ -31,7 +43,7 @@ Change Log ...@@ -31,7 +43,7 @@ Change Log
</li><li>The built-in connection pool (JdbcConnectionPool) did not always honor the login timeout </li><li>The built-in connection pool (JdbcConnectionPool) did not always honor the login timeout
(the timeout could occur much too early). Thanks a lot to Dario Fassi for the patch! (the timeout could occur much too early). Thanks a lot to Dario Fassi for the patch!
</li><li>Translation: the new messages have been translated to Spanish. Thanks a lot to Dario Fassi! </li><li>Translation: the new messages have been translated to Spanish. Thanks a lot to Dario Fassi!
</li><li>The table INFORMATION_SCHEMA.SETTINGS now contains all H2-specific system properties </li><li>The table INFORMATION_SCHEMA.SETTINGS now contains all H2-specific system properties
(the ones that start with "h2.") and that are explicitly set. Previously, some H2-specific settings (the ones that start with "h2.") and that are explicitly set. Previously, some H2-specific settings
(for example h2.analyzeAuto) were missing in this list. (for example h2.analyzeAuto) were missing in this list.
</li><li>EXPLAIN ANALYZE with an in-memory database threw an exception. Issue 216. </li><li>EXPLAIN ANALYZE with an in-memory database threw an exception. Issue 216.
......
...@@ -73,8 +73,6 @@ Features ...@@ -73,8 +73,6 @@ Features
Computed Columns / Function Based Index</a><br /> Computed Columns / Function Based Index</a><br />
<a href="#multi_dimensional"> <a href="#multi_dimensional">
Multi-Dimensional Indexes</a><br /> Multi-Dimensional Indexes</a><br />
<a href="#passwords">
Using Passwords</a><br />
<a href="#user_defined_functions"> <a href="#user_defined_functions">
User-Defined Functions and Stored Procedures</a><br /> User-Defined Functions and Stored Procedures</a><br />
<a href="#triggers"> <a href="#triggers">
...@@ -508,7 +506,7 @@ This is achieved using different database URLs. Settings in the URLs are not cas ...@@ -508,7 +506,7 @@ This is achieved using different database URLs. Settings in the URLs are not cas
</td> </td>
</tr> </tr>
<tr> <tr>
<td><a href="#passwords">User name and/or password</a></td> <td><a href="advanced.html#passwords">User name and/or password</a></td>
<td class="notranslate"> <td class="notranslate">
jdbc:h2:&lt;url&gt;[;USER=&lt;username&gt;][;PASSWORD=&lt;value&gt;]<br /> jdbc:h2:&lt;url&gt;[;USER=&lt;username&gt;][;PASSWORD=&lt;value&gt;]<br />
jdbc:h2:file:~/sample;USER=sa;PASSWORD=123<br /> jdbc:h2:file:~/sample;USER=sa;PASSWORD=123<br />
...@@ -1370,78 +1368,6 @@ For an example how to use the tool, please have a look at the sample code provid ...@@ -1370,78 +1368,6 @@ For an example how to use the tool, please have a look at the sample code provid
in <code>TestMultiDimension.java</code>. in <code>TestMultiDimension.java</code>.
</p> </p>
<h2 id="passwords">Using Passwords</h2>
<h3>Using Secure Passwords</h3>
<p>
Remember that weak passwords can be broken regardless of the encryption and security protocols.
Don't use passwords that can be found in a dictionary. Also appending numbers does not make them
secure. A way to create good passwords that can be remembered is, take the first
letters of a sentence, use upper and lower case characters, and creatively include special characters.
Example:
</p><p>
<code>i'sE2rtPiUKtT</code> from the sentence <code>it's easy to remember this password if you know the trick</code>.
</p>
<h3>Passwords: Using Char Arrays instead of Strings</h3>
<p>
Java strings are immutable objects and cannot be safely 'destroyed' by the application.
After creating a string, it will remain in the main memory of the computer at least
until it is garbage collected. The garbage collection cannot be controlled by the application,
and even if it is garbage collected the data may still remain in memory.
It might also be possible that the part of memory containing the password
is swapped to disk (because not enough main memory is available).
</p><p>
An attacker might have access to the swap file of the operating system.
It is therefore a good idea to use char arrays instead of strings to store passwords.
Char arrays can be cleared (filled with zeros) after use, and therefore the
password will not be stored in the swap file.
</p><p>
This database supports using char arrays instead of string to pass user and file passwords.
The following code can be used to do that:
</p>
<pre>
import java.sql.*;
import java.util.*;
public class Test {
public static void main(String[] args) throws Exception {
Class.forName("org.h2.Driver");
String url = "jdbc:h2:~/test";
Properties prop = new Properties();
prop.setProperty("user", "sa");
System.out.print("Password?");
char[] password = System.console().readPassword();
prop.put("password", password);
Connection conn = null;
try {
conn = DriverManager.getConnection(url, prop);
} finally {
Arrays.fill(password, (char) 0);
}
conn.close();
}
}
</pre>
<p>
This example requires Java 1.6.
When using Swing, use <code>javax.swing.JPasswordField</code>.
</p>
<h3>Passing the User Name and/or Password in the URL</h3>
<p>
Instead of passing the user name as a separate parameter as in
<code>
Connection conn = DriverManager.
getConnection("jdbc:h2:~/test", "sa", "123");
</code>
the user name (and/or password) can be supplied in the URL itself:
<code>
Connection conn = DriverManager.
getConnection("jdbc:h2:~/test;USER=sa;PASSWORD=123");
</code>
The settings in the URL override the settings passed as a separate parameter.
</p>
<h2 id="user_defined_functions">User-Defined Functions and Stored Procedures</h2> <h2 id="user_defined_functions">User-Defined Functions and Stored Procedures</h2>
<p> <p>
In addition to the built-in functions, this database supports user-defined Java functions. In addition to the built-in functions, this database supports user-defined Java functions.
......
...@@ -38,6 +38,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>. ...@@ -38,6 +38,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>Disable h2.databaseToUpper (database short names are converted to uppercase). </li><li>Disable h2.databaseToUpper (database short names are converted to uppercase).
</li><li>Enable h2.dropRestrict (default action for DROP is RESTRICT). </li><li>Enable h2.dropRestrict (default action for DROP is RESTRICT).
Change documentation. Change documentation.
</li><li>Use Lucene 3 by default.
</li></ul> </li></ul>
<h2>Priority 1</h2> <h2>Priority 1</h2>
...@@ -516,6 +517,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>. ...@@ -516,6 +517,7 @@ See also <a href="build.html#providing_patches">Providing Patches</a>.
</li><li>Common Table Expression (CTE): support multiple named queries. Issue 220. </li><li>Common Table Expression (CTE): support multiple named queries. Issue 220.
</li><li>Common Table Expression (CTE): identifier scope may be incorrect. Issue 222. </li><li>Common Table Expression (CTE): identifier scope may be incorrect. Issue 222.
</li><li>If a database object was not found in the current schema, but one with the same name existed in another schema, included that in the error message. </li><li>If a database object was not found in the current schema, but one with the same name existed in another schema, included that in the error message.
</li><li>Optimization to use an index for OR when using multiple keys: where (key1 = ? and key2 = ?) OR (key1 = ? and key2 = ?)
</li></ul> </li></ul>
<h2>Not Planned</h2> <h2>Not Planned</h2>
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -44,9 +44,13 @@ public class SwitchSource { ...@@ -44,9 +44,13 @@ public class SwitchSource {
} else if ("-version".equals(a)) { } else if ("-version".equals(a)) {
version = args[++i]; version = args[++i];
} else if (a.startsWith("-")) { } else if (a.startsWith("-")) {
disable.add(a.substring(1)); String x = a.substring(1);
disable.add(x);
enable.remove(x);
} else if (a.startsWith("+")) { } else if (a.startsWith("+")) {
enable.add(a.substring(1)); String x = a.substring(1);
enable.add(x);
disable.remove(x);
} else { } else {
showUsage(); showUsage();
return; return;
......
...@@ -654,3 +654,5 @@ stacked unable seeking underflow violations evaluates repeats minimalistic ...@@ -654,3 +654,5 @@ stacked unable seeking underflow violations evaluates repeats minimalistic
licensing appreciate textbook diligence undergraduate afaik mathematics chris licensing appreciate textbook diligence undergraduate afaik mathematics chris
arrangements bugfix premain longs majority crashing behaving inst inventor arrangements bugfix premain longs majority crashing behaving inst inventor
javaagent park accurately adopt consists night equally enhance enhanced javaagent park accurately adopt consists night equally enhance enhanced
skiing honor marketing sleeping dlucene timezones shifted analyzed insists
train joining bilingual existed
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论