> Your security model is too weak and antiquated for web applications
> where a single application server services many classes of users. You
> model says that all application server connections are alike and the
> responsibility for enforcing security belongs to the application
> programmer, not the database system. This makes for expensive, bad,
> insecure applications. A security framework is effective if the
> security controls be implemented so the application controls the
> policy that the database system enforces. Firebird can't do this now,
> but could be easily extended to do so.

This sounds very interesting.

I would like to hear opinion of David Jencks, whether we can promote
the security context from the J2EE environment automatically. I
suspect that's the way J2EE specs anticipated the security model,
though none of the RDBMSes provide such capabilities. Does it make
sense to you as Geronimo developer?

Roman