I've done a similar work in 1997 for one of my clients. The password
method will be just part of the security system. But you may want
to consider to implement the RBAC in the database. In that way,
the users whether they are applications, e.g., business objects,
DB interactive tool by human user,
Noel,
I'm sorry if this is obvious, but have you considered putting a firewall in
the way?
If your application is on the same machine as the database, block all
connections except to the port your application runs on (ie probably 80 if
it's a web application)? The firewall will block connections
