Doh. Sorry, and thank you for the confirmation that we're ok to ignore that warning! Thank you, again!
On Tuesday, January 8, 2019 at 5:15:56 AM UTC-5, Evgenij Ryazanov wrote: > > Hello. > > These alerts are invalid from my point of view. DB administrator in H2 has > full access to JVM, and JVM has access to operating system. This is by > design. You should never give ADMIN permission to untrusted users or > applications, regular users with necessary grants should be used instead. > Web or TCP servers should be either guarded by security permissions or > firewall properly or be configured to forbid creation of new databases. > > Some software provide embedded H2 with different own unsafe configurations > that provide administrative access to anyone. > > I do not understand how new release of H2 will help you in that situation. > CREATE ALIAS still may be used to execute any code, and BACKUP function > still may be used to write backup to any specified location. > > H2 does not have LTS releases. > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
