Securing your H2

Introduction

H2 is __not__ designed to be run in an adversarial environment. You should absolutely not expose your H2 server to untrusted connections. Running H2 in embedded mode is the best choice - it is not externally exposed.

Network exposed

When running an H2 server in TCP mode, first prize is to run it listening only to connections on localhost (i.e. 127.0.0.1). Second prize is running it listening on restricted ports on a secured network. If you expose H2 to the broader Internet, you can secure the connection with SSL, but this is a rather tricky thing to get right, between JVM bugs, certificates and choosing a decent cipher.

Alias / Stored procedures

Anything created with

Grants / Roles / Permissions

Encrypted storage

Encrypting your on-disk database will provide a small measure of security to your stored data. You should not assume that this is any kind of real security against a determined opponent, however, since there are many repeated data structures that will allow someone with resources and time to extract the secret key. Also, the secret key is visible to anything that can read the memory of the process.
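A check for the "Network exposed" advice above, as an added example that is not part of the original page or of H2 itself: it reads `ss -ltn` style output and reports which H2 listeners are bound to something other than loopback. It assumes H2's default ports (9092 TCP, 8082 web console, 5435 PG server); the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: H2's default listener ports. Adjust if the server overrides them.
H2_DEFAULT_PORTS = {9092: "tcp", 8082: "web", 5435: "pg"}

# Constructed sample of `ss -ltn` output (not taken from the page).
SAMPLE_SS = """\
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN 0      50          127.0.0.1:9092        0.0.0.0:*
LISTEN 0      50                  *:8082              *:*
LISTEN 0      50           10.0.4.7:5435        0.0.0.0:*
LISTEN 0      128           0.0.0.0:22          0.0.0.0:*
LISTEN 0      50 [::ffff:127.0.0.1]:9092              *:*
"""

def split_local(field):
    """Split 'host:port', tolerating [v6] brackets and %zone suffixes."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(host):
    """Return 'loopback', 'single-interface' or 'all-interfaces'."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    # A JVM on a dual-stack socket reports IPv4 binds as ::ffff:a.b.c.d
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return "loopback" if addr.is_loopback else "single-interface"

def audit(ss_output):
    """List (service, host, port, scope) for every H2 default-port listener."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        host, port = split_local(cols[3])
        if port in H2_DEFAULT_PORTS:
            findings.append((H2_DEFAULT_PORTS[port], host, port, classify(host)))
    return findings

def exposed(findings):
    """Listeners that miss the localhost-only 'first prize'."""
    return [f for f in findings if f[3] != "loopback"]

if __name__ == "__main__":
    for service, host, port, scope in exposed(audit(SAMPLE_SS)):
        print(f"H2 {service} listener on {host}:{port} is bound to {scope}")
```

A "single-interface" result is not automatically wrong; it is the case the page calls second prize and needs a look at what network that interface sits on.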