Thanks guys.
Actually in a handful of texts and online articles I've read that a good security design is to stick in a firewall between the EJB app server and the database, but the authors never substantiated this with concrete examples. And I'm still trying to find articles that does just that.
I'm just kinda worried I'll encounter this kind of problem in future projects
Or maybe I should consider it a good hack?!
Ex Animo Java!
-- Val