When RMI needs to create a sockets to handle its network communications for the ball component, it will now use these factory classes to generate those sockets instead of the normal socket factories. Database Security In a multitier environment, you generally put together multiple technologies with their own authentication and validation mechanisms. You might, for example, have EJB component authentication and validation in the middle tier, but also have database authentication and validation in the data storage tier. A servlet environment might even compound that with web server security. Multitier applications generally grant a single user ID/password to the middle tier ap- plication server. The database trusts that the application server properly manages se- curity. Other tools accessing that same database use different user ID and password combinations to distinguish them and their access rights. Individual users, in turn, are managed either at the web server or application server layer. A web-based application, for example, could use the web server to manage which users can see which web pages. Those web pages present only the screens containing data a specific user is allowed to see or edit. The web server, in turn, will use a single user ID and password to authenticate itself with the application server. It does not matter who the actual end user is. Similarly, the application server will support access by a handful of different client applications authenticated by user ID/password combinations on a