Authentication from java application

Seems to me from a java application implemented based on xml:db api, you
have no place to authenticate a user. So, how can I prevent my database
from being accessed by others. Anybody can just write a java app to
access my database as long as they know the db url. Even I can use
firewall to protect the port, the users on the same system with me is
still able to do that, right?

So, what is exactally the authentication provided by eXist used for,
only used in the case that you run client GUI?

 Thanks
-- 
Yue(Eric) Zhang
Database Analyst/DBA, TAPoR Project
Arts Department, University of Alberta
Edmonton, AB, Canada



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl