Answer
ArcIMS offers two methods for restricting access to map services through the ArcIMS Servlet Connector using an Access Control List (ACL):
1) ArcXML text file
2) JDBC connection to a database
Maintaining a dynamic ACL using the file-based method is cumbersome since the Servlet Engine must be restarted after each change and the content of the ACL uses a proprietary ArcXML format. The JDBC-based method offers the ability to make dynamic changes to an ACL along with management benefits and familiarity inherent to a relational database.
Note:
When using an Access database the first authentication attempt to the Web site will lock the database, requiring the servlet engine to be restarted for changes to be made
On the Windows platform, Open DataBase Connectivity (ODBC) is a common, freely-available solution used for database access. Since ArcIMS requires the use of a JDBC driver to access a remote database containing an ACL, the ability to freely utilize ODBC through JDBC is a cost effective solution. The latest version of Sun Microsystems's JRE/JDK 2 platform includes a JDBC driver for accessing ODBC data sources called the JDBC-ODBC Bridge. The JDBC-ODBC Bridge allows Java programs such as the ArcIMS Servlet Connector, to use JDBC with many ODBC drivers. The Bridge is a JDBC driver defined in the class sun.jdbc.odbc.JdbcOdbcDriver. This document describes a method used to implement ArcIMS map service authentication with the Servlet Connector and a RDBMS database using the JDBC-ODBC Bridge.
Note:
Even though these articles were written for these particular databases, it is theoretically possible to use these steps with any RDBMS that has an ODBC driver.