Removing the Plaintext Admin Password Used as CLI Argument

After this commit, the `webAdminPassword` option could only be set by the config file because the CLI argument reveals the password in plain text when a low-privileged local user sees the local process.
h2database · Sep 20, 2022 · fd85ea2 · fd85ea2
1 parent 819c88a
commit fd85ea2
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 9 deletions.
diff --git a/h2/src/main/org/h2/res/javadoc.properties b/h2/src/main/org/h2/res/javadoc.properties
@@ -32,6 +32,6 @@ org.h2.tools.RunScript.main=Options are case sensitive.\nSupported options[-help
 org.h2.tools.Script=Creates a SQL script file by extracting the schema and data of a database.
 org.h2.tools.Script.main=Options are case sensitive.\nSupported options[-help] or [-?]Print the list of options\n[-url "<url>"]     The database URL (jdbc\:...)\n[-user <user>]     The user name (default\: sa)\n[-password <pwd>]  The password\n[-script <file>]   The target script file name (default\: backup.sql)\n[-options ...]     A list of options (only for embedded H2, see SCRIPT)\n[-quiet]           Do not print progress information
 org.h2.tools.Server=Starts the H2 Console (web-) server, TCP, and PG server.
-org.h2.tools.Server.main=When running without options, -tcp, -web, -browser and -pg are started.\n\n Options are case sensitive.\nSupported options[-help] or [-?]Print the list of options\n[-web]                  Start the web server with the H2 Console\n[-webAllowOthers]       Allow other computers to connect - see below\n[-webExternalNames]       The comma-separated list of external names and IP addresses of this server, used together with -webAllowOthers\n[-webDaemon]            Use a daemon thread\n[-webPort <port>]       The port (default\: 8082)\n[-webSSL]               Use encrypted (HTTPS) connections\n[-webAdminPassword]     Password of DB Console administrator\n[-browser]              Start a browser connecting to the web server\n[-tcp]                  Start the TCP server\n[-tcpAllowOthers]       Allow other computers to connect - see below\n[-tcpDaemon]            Use a daemon thread\n[-tcpPort <port>]       The port (default\: 9092)\n[-tcpSSL]               Use encrypted (SSL) connections\n[-tcpPassword <pwd>]    The password for shutting down a TCP server\n[-tcpShutdown "<url>"]  Stop the TCP server; example\: tcp\://localhost\n[-tcpShutdownForce]     Do not wait until all connections are closed\n[-pg]                   Start the PG server\n[-pgAllowOthers]        Allow other computers to connect - see below\n[-pgDaemon]             Use a daemon thread\n[-pgPort <port>]        The port (default\: 5435)\n[-properties "<dir>"]   Server properties (default\: ~, disable\: null)\n[-baseDir <dir>]        The base directory for H2 databases (all servers)\n[-ifExists]             Only existing databases may be opened (all servers)\n[-ifNotExists]          Databases are created when accessed\n[-trace]                Print additional trace information (all servers)\n[-key <from> <to>]      Allows to map a database name to another (all servers)\nThe options -xAllowOthers are potentially risky.\n\n For details, see Advanced Topics / Protection against Remote Access.
+org.h2.tools.Server.main=When running without options, -tcp, -web, -browser and -pg are started.\n\n Options are case sensitive.\nSupported options[-help] or [-?]Print the list of options\n[-web]                  Start the web server with the H2 Console\n[-webAllowOthers]       Allow other computers to connect - see below\n[-webExternalNames]       The comma-separated list of external names and IP addresses of this server, used together with -webAllowOthers\n[-webDaemon]            Use a daemon thread\n[-webPort <port>]       The port (default\: 8082)\n[-webSSL]               Use encrypted (HTTPS) connections\n[-browser]              Start a browser connecting to the web server\n[-tcp]                  Start the TCP server\n[-tcpAllowOthers]       Allow other computers to connect - see below\n[-tcpDaemon]            Use a daemon thread\n[-tcpPort <port>]       The port (default\: 9092)\n[-tcpSSL]               Use encrypted (SSL) connections\n[-tcpPassword <pwd>]    The password for shutting down a TCP server\n[-tcpShutdown "<url>"]  Stop the TCP server; example\: tcp\://localhost\n[-tcpShutdownForce]     Do not wait until all connections are closed\n[-pg]                   Start the PG server\n[-pgAllowOthers]        Allow other computers to connect - see below\n[-pgDaemon]             Use a daemon thread\n[-pgPort <port>]        The port (default\: 5435)\n[-properties "<dir>"]   Server properties (default\: ~, disable\: null)\n[-baseDir <dir>]        The base directory for H2 databases (all servers)\n[-ifExists]             Only existing databases may be opened (all servers)\n[-ifNotExists]          Databases are created when accessed\n[-trace]                Print additional trace information (all servers)\n[-key <from> <to>]      Allows to map a database name to another (all servers)\nThe options -xAllowOthers are potentially risky.\n\n For details, see Advanced Topics / Protection against Remote Access.
 org.h2.tools.Shell=Interactive command line tool to access a database using JDBC.
 org.h2.tools.Shell.main=Options are case sensitive.\nSupported options[-help] or [-?]Print the list of options\n[-url "<url>"]         The database URL (jdbc\:h2\:...)\n[-user <user>]         The user name\n[-password <pwd>]      The password\n[-driver <class>]      The JDBC driver class to use (not required in most cases)\n[-sql "<statements>"]  Execute the SQL statements and exit\n[-properties "<dir>"]  Load the server properties from this directory\nIf special characters don't work as expected, you may need to use\n -Dfile.encoding\=UTF-8 (Mac OS X) or CP850 (Windows).
diff --git a/h2/src/main/org/h2/server/web/WebServer.java b/h2/src/main/org/h2/server/web/WebServer.java
@@ -333,8 +333,6 @@ public void init(String... args) {
                 ifExists = true;
             } else if (Tool.isOption(a, "-ifNotExists")) {
                 ifExists = false;
-            } else if (Tool.isOption(a, "-webAdminPassword")) {
-                setAdminPassword(args[++i]);
             } else if (Tool.isOption(a, "-properties")) {
                 // already set
                 i++;

diff --git a/h2/src/main/org/h2/tools/Server.java b/h2/src/main/org/h2/tools/Server.java
@@ -74,8 +74,6 @@ public Server(Service service, String... args) throws SQLException {
      * <td>The port (default: 8082)</td></tr>
      * <tr><td>[-webSSL]</td>
      * <td>Use encrypted (HTTPS) connections</td></tr>
-     * <tr><td>[-webAdminPassword]</td>
-     * <td>Password of DB Console administrator</td></tr>
      * <tr><td>[-browser]</td>
      * <td>Start a browser connecting to the web server</td></tr>
      * <tr><td>[-tcp]</td>
@@ -145,8 +143,6 @@ private void verifyArgs(String... args) throws SQLException {
                     // no parameters
                 } else if ("-webPort".equals(arg)) {
                     i++;
-                } else if ("-webAdminPassword".equals(arg)) {
-                    i++;
                 } else {
                     throwUnsupportedOption(arg);
                 }
@@ -248,8 +244,6 @@ public void runTool(String... args) throws SQLException {
                     // no parameters
                 } else if ("-webPort".equals(arg)) {
                     i++;
-                } else if ("-webAdminPassword".equals(arg)) {
-                    i++;
                 } else {
                     showUsageAndThrowUnsupportedOption(arg);
                 }