Subject Re: [IB-Architect] Security pieces
Author Geoff Worboys
> - Network authentication, remote login or choose another name:
> the server cannot trust the client without some restrictions.

I would like to add a little to this requirement.

It would be good to not only validate the "client" in terms of the
client dll, but to actually be able to restrict access via specific
applications. This is sort of related to the third element you
mentioned - command verification - but goes a little deeper.

I am happy for the SYSDBA - or other specifically authorised user - to
access the database using ISQL, IB_Console or whatever. But I do not
want my run-of-the-mill user accessing the database with such tools.
At the moment I fudge this by mashing the user's password in the client
application, so they don't know their actual IB password - but this
approach is only (partly) effective while my source is closed.

Perhaps the certificate mechanisms mentioned in earlier postings could
be used to support this level of authentication - I don't really know
enough about it.

Just something extra.

Geoff Worboys
Telesis Computing
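
The password-mashing workaround described in the message, as an added sketch that is not Geoff Worboys's code or part of InterBase: the HMAC scheme, `APP_SECRET`, `mash_password` and `ToyServer` are assumptions chosen for illustration. It shows that the server still authenticates only a username and a password, so the restriction holds only while the embedded constant stays secret.

```python
import hashlib
import hmac

# Hypothetical constant compiled into the client application (assumption).
APP_SECRET = b"constructed-demo-secret"


def mash_password(username: str, typed_password: str, secret: bytes = APP_SECRET) -> str:
    """Derive the password actually sent to the database from what the user types."""
    msg = username.encode() + b"\x00" + typed_password.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]


class ToyServer:
    """Stand-in for the database's user table; it sees only a username and a password."""

    def __init__(self):
        self._users = {}

    def create_user(self, username, db_password):
        self._users[username] = hashlib.sha256(db_password.encode()).digest()

    def login(self, username, db_password):
        stored = self._users.get(username)
        offered = hashlib.sha256(db_password.encode()).digest()
        return stored is not None and hmac.compare_digest(stored, offered)


def demo():
    server = ToyServer()
    # The account is provisioned with the mashed value, never the typed one.
    server.create_user("alice", mash_password("alice", "spring2000"))
    return {
        # The application mashes before connecting: accepted.
        "via_application": server.login("alice", mash_password("alice", "spring2000")),
        # A generic tool sends the typed password unchanged: rejected.
        "via_generic_tool": server.login("alice", "spring2000"),
        # Anyone holding the constant and the scheme derives the same value,
        # so the server cannot tell the application from any other client.
        "with_known_secret": server.login(
            "alice", mash_password("alice", "spring2000", b"constructed-demo-secret")),
    }


if __name__ == "__main__":
    print(demo())
```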