Subject | Re: [ib-support] dynamic roles |
---|---|
Author | Mike Arace |
Post date | 2001-12-30T20:48:06Z |

Not being the best person to speak about it (due to my limited knowledge of
specifics), I think the flow is this.

1) a user is created with no permissions to do anything
2) said user can log in through an application
3) some library is used to assign a predetermined role for that user which
is only good for the current connection, which prevents people from logging
in through the app and then opening up a new connection directly to do their
damage.
4) when the connection is closed, this role information is lost

The system I am thinking of would be a web-based application that would all
be on trusted servers. I'm trying to handle all of the user features on the
application level, using one database login to make the connections and
query and insert. My concern is that someone who could figure out that one
login could have a field day with the information in the database, if they
could somehow reach it. As I said before, someone who can get to the box
can do lots of other nasty things as well, which would also have to be
protected against. I was just wondering if these facilities already exist
in FB.

Regards,
Mike