Hi,
For what I've seen, first issue to address is that password is hashed on
client side before to opening the and in this scenario has be sent to a
server
In my mind external authentication should be plugged in as an additional
option without creating incompatibilities (especially in the protocol)
It could be obtained by using connectionInfo properties; a new client side
property AUTHREALM={xxx} trigger:
* on client to store the password in a temporary property (like _PASSWORD)
* on server side it act as a flag for externally authenticated users
At the end of authentication these properties should be removed from
connectionInfo on both sides
Another point is how to model it:
- it would be great to define external users as temporary database users
- rights of external users to object database managed trough roles
- mapping between external users and database roles performed during
authentication
What do you think?
I'm creating a prototype (project mysinmyc/h2database) to preview the
feature; obviosly i've to perform some tests to make it stable
There is a running server sample org.h2.samples.MockAuthenticator that
accept any user (password=username)
Il giorno sabato 12 maggio 2018 06:52:24 UTC+2, AleVen ha scritto:
>
> Hi,
>
> To expose directly H2 databases to end users it would be great support for
> external authentication providers (like ldap,...) .
>
>
> Many thanks
>
>
>
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
