> Most of the apps I work on authentication is handled at > application layer, not > the database layer. > > Is this uncommon to everyone else? > > More or less the DB is just persistent storage. Yes, in my experience the security model provided by the RDBMS is often lacking in features needed to fullfill the requirements. This is particularly true when there security at the row or column level. However, I think the RDBMS is more than "persistent storage". It provides ACID transactions, transaction processing monitor, backup/recovery, a declarative query language, referenctial integrity, query optimization, etc. Mike