> I'm not web programmer and don't know technique they use, but if I
> need high security, I place database where users have'nt file access,
> make DCOM application server placed in such directory too and work
> with database via 3-tier. Users don't know where database is, don't
> know it's name and don't know even own password on SQL server -
> appserver perform connects to database, thin client connects to
> appserver using application password. Last can be placed in database
> and retrived by appserver via additional connection.

I am not talking about internet applications, I am talking about web sites
hosted by ISPs. It would be nice to talk ISPs into using IB / Firebird to
allow me to use it on my sites, but how could I ever suggest that they
install a database that doesn't stop people extracting meta-data and adding
new tables ? I don't think I could (in fact, I wouldn't even bother).

Pete