I am evaluating using the Derby instance embedded in Geronimo to store application-specific data.  The data would be stored in a separate, application-specific database.  In order to achieve this, I would need to lock down this application-specific database so that un-authorized processes (which did not authenticate with a username/password) would not be able to access the database.  This could occur, since it is possible to connect to the Derby instance on port 1527 on the machine where Geronimo is running and, by default, no username/password is required to connect.  It should be noted that there are scenarios in my application where authorized remote processes will need to connect to this Derby instance, so simply disabling the Derby 'network server' is not an adequate solution.  I searched through the Geronimo documentation and this mailing list, but could not find any info on this topic.  Any help regarding how to configure Geronimo to meet these requirements would be greatly appreciated.  Thanks.
- Brian