DATABASE SECURITY

User Identification

A basic security requirement is that you must know your users. You must identify them before you can determine their privileges and access rights, and so that you can audit their actions upon the data. Users can be authenticated in many ways before they are allowed to create a database. Database authentication includes both identification and authentication of users. External authentication can be performed by the operating system or a network service. User authentication can also be defined by Secure Sockets Layer (SSL), through enterprise roles, or through middle-tier server authentication, also known as proxy authentication. This is the most basic requirement for security, since the identification process defines the set of people who are allowed to access data. Authenticating the identity keeps sensitive data secure and protects it from being modified by unauthorized users. Attackers attempting to compromise user identification and authentication can take different approaches, such as authentication bypass, default passwords, privilege escalation, password guessing by brute force, and rainbow attacks.

Method of User Identification

Some applications manage a pool of database connections. In such three-tier architectures, the pooled connections all log into the database using a single functional ID, and the application manages all of its users internally. When a user session needs access to the database, it acquires a connection from the pool, uses it, and then releases it back to the pool.

For some applications that manage users internally, the application user cannot be identified from the traffic.

In many existing applications, all of the information needed to identify an application user can be obtained from existing database traffic, from stored procedure calls.
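The attribution described above, as an added example that is not part of the original lesson: it walks a trace of pooled-connection traffic and tags each statement with the application user named by the most recent identifying stored procedure call on that connection. The procedure names `set_app_user` and `clear_app_user`, the login `app_pool`, and the trace itself are constructed assumptions.

```python
import re

# Hypothetical procedure names: the lesson does not name the calls an application uses.
SET_USER = re.compile(r"^\s*(?:CALL|EXEC)\s+set_app_user\s*\(\s*'([^']*)'\s*\)", re.I)
CLEAR_USER = re.compile(r"^\s*(?:CALL|EXEC)\s+clear_app_user\s*\(\s*\)", re.I)

# Constructed sample trace: (connection id, database login, SQL text).
TRACE = [
    (1, "app_pool", "CALL set_app_user('alice')"),
    (2, "app_pool", "CALL set_app_user('bob')"),
    (1, "app_pool", "SELECT * FROM payroll WHERE emp_id = 7"),
    (2, "app_pool", "UPDATE orders SET status = 'paid' WHERE id = 42"),
    (1, "app_pool", "CALL clear_app_user()"),
    (1, "app_pool", "DELETE FROM audit_notes WHERE id = 3"),
    (1, "app_pool", "CALL set_app_user('carol')"),
    (1, "app_pool", "SELECT balance FROM accounts WHERE id = 9"),
]

def attribute(trace):
    """Return audit rows (conn, db_login, app_user, sql) for every data statement.

    app_user is None when the connection carried no identifying call since it
    was last released, so only the functional ID is known for that statement.
    """
    current = {}   # connection id -> application user currently holding it
    rows = []
    for conn, login, sql in trace:
        m = SET_USER.match(sql)
        if m:
            current[conn] = m.group(1)
            continue
        if CLEAR_USER.match(sql):
            current.pop(conn, None)   # connection went back to the pool
            continue
        rows.append((conn, login, current.get(conn), sql))
    return rows

def unattributed(rows):
    """Statements an auditor can tie only to the shared functional ID."""
    return [r for r in rows if r[2] is None]

if __name__ == "__main__":
    for conn, login, user, sql in attribute(TRACE):
        print(f"conn={conn} login={login} app_user={user or '<unknown>'} :: {sql}")
```

The statement issued on connection 1 after it was released shows the failure case from the lesson: every row has the same database login, so without an identifying call the audit trail stops at the functional ID.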