Hi, We use embedded H2 in a webapp with tomcat. We use the servlet webconsole to manage the database. Our database is password protected, which should allow some security. But I don't see how to prevent an unauthorized user from creating a new database and filling it with junk if they visit the webconsole url. Our current method to prevent this is to simply obscure the web-console url-pattern to something that is hard to guess or know - thus trying to prevent someone from stumbling upon it. Though I do not think this is a full solid security method.
Any ideas or tips on how to 1) secure the web-console servlet 2) prevent others from creating new databases if they find the url. Thanks, -Adam -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to h2-database+unsubscr...@googlegroups.com. To post to this group, send email to h2-database@googlegroups.com. Visit this group at http://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
