Re: H2 database admin console

2014-09-23 Thread Kevin Sweeney
This is straightforward to protect with Shiro, which I plan to work on this week as part of https://issues.apache.org/jira/browse/AURORA-31

On Tue, Sep 16, 2014 at 11:23 AM, Kevin Sweeney wrote:
> To be clear I'm acknowledging the security concerns as real (unprivileged
> accounts can usually ru

Re: H2 database admin console

2014-09-16 Thread Kevin Sweeney
To be clear I'm acknowledging the security concerns as real (unprivileged accounts can usually run ps to see what's running locally, and write access to this database is essentially root on the whole cluster, so some basic protection is reasonable). As far as code burden, the difference between ta

Re: H2 database admin console

2014-09-16 Thread Joshua Cohen
A property file sounds fine to me, my concern was with passing a raw password as a command line arg. That being said, if we can obviate the need for a password... even better.

On Tue, Sep 16, 2014 at 10:54 AM, Maxim Khutornenko wrote:
> +1 on the command-line approach. There was a bit of a debat

Re: H2 database admin console

2014-09-16 Thread Maxim Khutornenko
+1 on the command-line approach. There was a bit of a debate around it when it was proposed for the framework auth but its simplicity outweighed potential security concerns.

On Tue, Sep 16, 2014 at 10:34 AM, Kevin Sweeney wrote:
> There's precedent to take secrets as a properties file on the comm

Re: H2 database admin console

2014-09-16 Thread Kevin Sweeney
There's precedent to take secrets as a properties file on the command-line (-framework_authentication_file), my vote is that we follow that.

On Tue, Sep 16, 2014 at 10:17 AM, Joshua Cohen wrote:
> Providing the password directly via the command line seems like it would be
> a security issue (any

Re: H2 database admin console

2014-09-16 Thread Joshua Cohen
Providing the password directly via the command line seems like it would be a security issue (anyone who can `ps` on the box could see the password?). Is there something I'm missing? Would it be possible (and if so, would it be desirable?) to start up the web console as a user who only has read acc
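
The trade-off discussed in this thread (a password given as a command-line argument versus a path to a properties file), as an added example that is not part of the original messages or of Aurora's code. It assumes Linux `/proc`; the flag names `-console_password` and `-console_password_file` and the `password` key are hypothetical.

```python
import os, stat, subprocess, sys, tempfile

def visible_argv(pid):
    """argv of a process as local users see it (what `ps` prints); Linux /proc assumed."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]

def load_secret_file(path):
    """Read key=value properties, refusing a file that group or others can access."""
    props = {}
    with open(path) as f:
        # Check the opened descriptor, so the file cannot be swapped after the check.
        if os.fstat(f.fileno()).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: group/other access bits set, expected 0600")
        for line in f:
            line = line.strip()
            if line and not line.startswith(("#", "!")):
                key, _, value = line.partition("=")
                props[key.strip()] = value.strip()
    return props

def demo():
    secret = "constructed-demo-password"  # constructed sample value
    sleeper = [sys.executable, "-c", "import time; time.sleep(30)"]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "console.properties")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write("# constructed sample file\npassword=" + secret + "\n")
        # Hypothetical flags: the first carries the secret, the second only a path.
        weak = subprocess.Popen(sleeper + ["-console_password=" + secret])
        safer = subprocess.Popen(sleeper + ["-console_password_file=" + path])
        try:
            leaked = any(secret in a for a in visible_argv(weak.pid))
            hidden = not any(secret in a for a in visible_argv(safer.pid))
            loaded = load_secret_file(path)["password"] == secret
            os.chmod(path, 0o644)  # simulate a carelessly permissioned file
            try:
                load_secret_file(path)
                rejected = False
            except PermissionError:
                rejected = True
        finally:
            for proc in (weak, safer):
                proc.kill()
                proc.wait()
    return leaked, hidden, loaded, rejected

if __name__ == "__main__":
    print(dict(zip(("leaked", "hidden", "loaded", "rejected"), demo())))
```

The file-based form only helps if the file itself is restricted, which is why the loader rejects anything beyond owner-only permissions.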

Re: H2 database admin console

2014-09-16 Thread Zameer Manji
Would it be possible to protect the database via Apache Shiro after AURORA-351 is complete?

On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner wrote:
> Since beginning migration of the internal database to H2, I've wanted to
> include the H2 web conso