If the user name and password are not set or empty, then the password is not hashed.

baf17927 · Thomas Mueller · 6d243eec · baf17927 · baf17927 · baf17927
--- a/h2/src/docsrc/html/changelog.html
+++ b/h2/src/docsrc/html/changelog.html
@@ -18,7 +18,10 @@ Change Log
 <h1>Change Log</h1>
 <h2>Next Version (unreleased)</h2>
-<ul><li>Cluster: auto-commit was disabled after opening a connection.
+<ul><li>If the user name and password are not set or empty, then the password is not hashed.
+    To disable this behavior, set the system property h2.emptyPassword to false.
+    TCP server: the default user name for the management database is now an empty string.
+</li><li>Cluster: auto-commit was disabled after opening a connection.
 </li><li>Connection.getAutoCommit() is now much faster, specially when using the server mode.
 </li><li>Statement.cancel() had no effect when using the server mode.
 </li><li>SCRIPT: the SQL script no longer contains settings that match the default value.

--- a/h2/src/main/org/h2/command/ddl/CreateUser.java
+++ b/h2/src/main/org/h2/command/ddl/CreateUser.java
@@ -7,6 +7,7 @@
 package org.h2.command.ddl;
 import org.h2.constant.ErrorCode;
+import org.h2.constant.SysProperties;
 import org.h2.engine.Database;
 import org.h2.engine.Session;
 import org.h2.engine.User;
@@ -73,9 +74,14 @@ public class CreateUser extends DefineCommand {
        if (hash != null && salt != null) {
            user.setSaltAndHash(getByteArray(salt), getByteArray(hash));
        } else if (password != null) {
-            SHA256 sha = new SHA256();
            char[] passwordChars = getCharArray(password);
-            byte[] userPasswordHash = sha.getKeyPasswordHash(userName, passwordChars);
+            byte[] userPasswordHash;
+            if (userName.length() == 0 && passwordChars.length == 0 && SysProperties.EMPTY_PASSWORD) {
+                userPasswordHash = new byte[0];
+            } else {
+                SHA256 sha = new SHA256();
+                userPasswordHash = sha.getKeyPasswordHash(userName, passwordChars);
+            }
            user.setUserPasswordHash(userPasswordHash);
        } else {
            throw DbException.throwInternalError();

--- a/h2/src/main/org/h2/constant/SysProperties.java
+++ b/h2/src/main/org/h2/constant/SysProperties.java
@@ -296,6 +296,12 @@ public class SysProperties {
     */
    public static final int ESTIMATED_FUNCTION_TABLE_ROWS = getIntSetting("h2.estimatedFunctionTableRows", 1000);
+    /**
+     * System property <code>h2.emptyPassword</code> (default: true).<br />
+     * Don't use a secure hash if the user name and password are empty or not set.
+     */
+    public static final boolean EMPTY_PASSWORD = getBooleanSetting("h2.emptyPassword", true);
    /**
     * System property <code>h2.functionsInSchema</code> (default:
     * false).<br />

--- a/h2/src/main/org/h2/engine/ConnectionInfo.java
+++ b/h2/src/main/org/h2/engine/ConnectionInfo.java
@@ -274,6 +274,9 @@ public class ConnectionInfo implements Cloneable {
        if (passwordHash) {
            return StringUtils.convertStringToBytes(new String(password));
        } else {
+            if (userName.length() == 0 && password.length == 0 && SysProperties.EMPTY_PASSWORD) {
+                return new byte[0];
+            }
            SHA256 sha = new SHA256();
            return sha.getKeyPasswordHash(userName, password);
        }

--- a/h2/src/main/org/h2/engine/User.java
+++ b/h2/src/main/org/h2/engine/User.java
@@ -64,10 +64,14 @@ public class User extends RightOwner {
     */
    public void setUserPasswordHash(byte[] userPasswordHash) {
        if (userPasswordHash != null) {
-            salt = new byte[Constants.SALT_LEN];
+            if (userPasswordHash.length == 0) {
-            MathUtils.randomBytes(salt);
+                salt = passwordHash = userPasswordHash;
-            SHA256 sha = new SHA256();
+            } else {
-            this.passwordHash = sha.getHashWithSalt(userPasswordHash, salt);
+                salt = new byte[Constants.SALT_LEN];
+                MathUtils.randomBytes(salt);
+                SHA256 sha = new SHA256();
+                passwordHash = sha.getHashWithSalt(userPasswordHash, salt);
+            }
        }
    }
@@ -179,6 +183,9 @@ public class User extends RightOwner {
     * @return true if the user password hash is correct
     */
    public boolean validateUserPasswordHash(byte[] userPasswordHash) {
+        if (userPasswordHash.length == 0 && passwordHash.length == 0) {
+            return true;
+        }
        SHA256 sha = new SHA256();
        byte[] hash = sha.getHashWithSalt(userPasswordHash, salt);
        return Utils.compareSecure(hash, passwordHash);

--- a/h2/src/main/org/h2/server/TcpServer.java
+++ b/h2/src/main/org/h2/server/TcpServer.java
@@ -82,7 +82,7 @@ public class TcpServer implements Service {
    private void initManagementDb() throws SQLException {
        Properties prop = new Properties();
-        prop.setProperty("user", "sa");
+        prop.setProperty("user", "");
        prop.setProperty("password", managementPassword);
        // avoid using the driver manager
        Connection conn = Driver.load().connect("jdbc:h2:" + getManagementDbName(port), prop);
@@ -407,7 +407,7 @@ public class TcpServer implements Service {
                Connection conn = null;
                PreparedStatement prep = null;
                try {
-                    conn = DriverManager.getConnection("jdbc:h2:" + url + "/" + db, "sa", password);
+                    conn = DriverManager.getConnection("jdbc:h2:" + url + "/" + db, "", password);
                    prep = conn.prepareStatement("CALL STOP_SERVER(?, ?, ?)");
                    prep.setInt(1, all ? 0 : port);
                    prep.setString(2, password);