On Wed, Jun 18, 2008 at 10:36 PM, Douglas McNaught <doug@xxxxxxxxxxxx> wrote: > . . . SQL permissions should be all you need. > > -Doug ~ What about the security implications? Is the J2EE server enough to control access to the DB? ~ Java does not allow for buffer overruns and such hacking venues, but what would happen if a hacker somehow gains access to the data directly, bypassing the J2EE server? ~ The thing is that for performance reasons I could not nicely model highly hierarchical data objects using SQL tables, so I have to come up with complicated data structures that I serialize and keep in fields as BLOBs ~ And yes, I know, my approach was very roundabout ;-) I was trying to fancy a hacker-proof scenario and it would all be based on scripts ~ I think SCSI disks even have a switch to -physically- avoid writing to them. I'd wish I could use such features in regular SATA disks. I definitely trust Physics ~ thanx lbrtchx