>
>Is the application restricted to the native InterBase API? Or must
>the solution work with ODBC, JDBC, BDE, etc? Does there need to
>be an escape for third party report writers, etc? Do you need
>to be able to back it up?

Of course the data needs to be backed up. I don't see that as a problem now
because in an embedded application this is simply just backing up the data
files. If we get incremental backups that would be different. I don't think
the communication mechanism should matter so much. Presuming some sort of a
challenge/response or a key/ticket exchange it should not rely on the
transport mechanism.

>What threats should the mechanism reasonable protect against? A
>well meaning but misadvised user? An application program wanting
>to write an extension? A competing developer?

all of the above (as long as I am wishing). Seriously though.. Mostly from
casual snoopers. Most developers of database applications tend to use high
end programming tools like VB, Delphi or do web based stuff using PHP,
JAVA, ASP, Cold Fusion etc. I just don't see these people expending so much
effort trying to break some security mechanism. I also don't see some
vertical market or a custom written application getting the attention
of hackers. Hackers usually want to crack commercial general use programs.
:wq
Tim Uckun
Due Diligence Inc. http://www.diligence.com/ Americas Background
Investigation Expert.
If your company isn't doing background checks, maybe you haven't considered
the risks of a bad hire.