H2 Database Engine: New version released

[Thomas Mueller Graf]

Hello,

A new version of H2 is available at http://www.h2database.com
(you may have to click 'Refresh').

For details, see the 'Change Log' at
http://www.h2database.com/html/changelog.html

Please note the jar file may not yet be available in the
Maven central repository (synchronizing usually takes a few hours).

P.S. If you reply to this message please use a different subject.

Have fun,
Thomas

[Christian MICHON]

Hi,

is it normal one cannot connect to memory databases anymore using H2 console web interface?

jdbc:h2:mem:

yields: Database "mem:" not found [90013-198] 

[Noel Grandin]

you need to give it a name

jdbc:h2:mem:test1

[Evgenij Ryazanov]

Standalone H2 Console does not allow creation of new databases from a web interface any more for security reasons. To create an in-memory database right-click on a system tray icon, choose Create a new database…, specify something like

mem:1;DB_CLOSE_DELAY=-1

instead of database path and set some password for it.

After creation you can use web interface with url

jdbc:h2:mem:1

Use SHUTDOWN command to delete in-memory database without restart.

If H2 console is running in an application that already has such in-memory database you can connect to it to inspect or modify its content.

You can also pass -IfNotExists flag:

Server.createWebServer("-ifNotExists").start();

This flag allows creation of a new database.

You can also pass it to a sevlet if you you use console inside a web application:

<servlet>
 <servlet-name>H2Console</servlet-name>
 <servlet-class>org.h2.server.web.WebServlet</servlet-class>
 <init-param>
  <param-name>ifNotExists</param-name>
  <param-value></param-value>
 </init-param>
</servlet>

[Christian MICHON]

I also tried with a given name

[Christian MICHON]

ok thanks for this valuable information. I will try with some scriptella jobs to see if my ETL scripts require to keep old H2 engines.

[Noel Grandin]

Hmm, that's really not ideal.

The Console is a great way to just open and create random local disk and memory databases, it would be a pity is some stupid "enterprise-requirement-security" got in the way.

 

[Evgenij Ryazanov]

Creation of in-memory databases is obscure now, we definitely need some better UI for it, but creation of normal databases is more or less intuitive and it is described (very briefly) in documentation.

H2 allows unlimited access to underlying system for everyone if creation of new databases is allowed.

Unfortunately, we missed a configuration option for tray icon. ifNotExists can be passed to a web or TCP server, but cannot be passed to the Console application.

[Noel Grandin]

On Sat, 23 Feb 2019 at 16:52, Evgenij Ryazanov <kat...@gmail.com> wrote:

H2 allows unlimited access to underlying system for everyone if creation of new databases is allowed.

If you are running the console against local databases, you're doing anything you're already allowed to do. We just made it less convenient.

[Christian MICHON]

at least using scriptella ETL, it is still possible to use a memory database. But it's less convenient indeed to fire up a memory database and demo a quick SQL script...

[Evgenij Ryazanov]

On Saturday, 23 February 2019 23:11:33 UTC+8, Noel Grandin wrote:

If you are running the console against local databases, you're doing anything you're already allowed to do. We just made it less convenient.

 Yes, there is a way to break “security”. Another user on the same home computer or terminal server can create an own database, make its file readable by other users, open H2 Console launched by another user and connect to it.

H2 Console and TCP/PG servers need better security model, we discussed it some time ago, but it is still not implemented.

In terms of usability there are many issues when people use relative URLs with another base directory or in-memory database in another process and get confused why their database is empty. Now a correct error message appears.

Other people are now required to do more steps to create a new database from Console.

We need more intuitive interface for it and reasonable security configuration by default. Personally I don't think that H2 Console should allow unlimited access from sessions of other users without explicit permission from Console's owner.

[Noel Grandin]

On Sun, 24 Feb 2019 at 05:53, Evgenij Ryazanov <kat...@gmail.com> wrote:

 

 Yes, there is a way to break “security”. Another user on the same home computer or terminal server can create an own database, make its file readable by other users, open H2 Console launched by another user and connect to it.

TBH, I'm really not that worried about this kind of hole. The Console is a local & debug tool, meant for use by administrators and developers and local users - for example, there is only ever one person logged into my Windows development machine :-)

 

H2 Console and TCP/PG servers need better security model, we discussed it some time ago, but it is still not implemented.

Can you remind me what we discussed? I don't remember that.

 

We need more intuitive interface for it and reasonable security configuration by default. Personally I don't think that H2 Console should allow unlimited access from sessions of other users without explicit permission from Console's owner.

That sounds reasonable to me, but I'm not aware of any way to achieve it, since we're using a local webserver to serve up the UI.

[Evgenij Ryazanov]

Can you remind me what we discussed? I don't remember that.

https://github.com/h2database/h2database/issues/1389