diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java index a089b1db9..52c2bd07e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java @@ -2,7 +2,6 @@ package org.owasp.webgoat; import java.io.IOException; import java.io.PrintWriter; -import java.sql.SQLException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; @@ -212,12 +211,7 @@ public class HammerHead extends HttpServlet log(request, "Could not write error screen: " + thr.getMessage()); } - try - { - WebSession.closeConnection(); - } catch (SQLException sqle) { - sqle.printStackTrace(); - } + WebSession.returnConnection(mySession); // System.out.println( "HH Leaving doPost: " ); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java index 52ffa1b02..d122df17c 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java @@ -251,7 +251,7 @@ public class BackDoors extends SequentialLessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } return connection; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 941dde270..7e897e725 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java 
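Review bot: `WebSession.returnConnection(mySession)` in HammerHead.doPost is called unconditionally, and the new `WebSession.returnConnection(WebSession s)` in WebSession.java calls `s.getUserName()` with no null check. The declaration of `mySession` is outside this hunk, but if it can still be null here (for example when session setup failed earlier in doPost), this line throws a NullPointerException during cleanup and hides the original error. A guard such as `if (mySession != null) { WebSession.returnConnection(mySession); }` keeps the cleanup path safe. The body of doPost starts and ends outside the hunk.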
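Review bot: The `if (connection == null)` guard in BackDoors keeps whatever `DatabaseUtilities.getConnection(s)` returned on the first call, so later calls never reach the per-user lookup this commit introduces. The `connection` field is declared outside the hunk; if it is static or otherwise shared between sessions, a second user would run queries on the first user's connection. On the Oracle path, `returnConnection` closes the connection while the field stays non-null, so the next request would get a closed handle. Fetching it on every use, `Connection connection = DatabaseUtilities.getConnection(s);`, avoids both problems, since the cache now lives in DatabaseUtilities. The same guard appears in the BlindSqlInjection, CSRF, Challenge2Screen, DOS_Login, SqlNumericInjection, SqlStringInjection, StoredXss, ThreadSafetyProblem, WSDLScanning, WsSqlInjection, ProductsAdminScreen, RefreshDBScreen, UserAdminScreen and ViewDatabase hunks.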
@@ -72,7 +72,7 @@ public class BlindSqlInjection extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(new P().addElement("Enter your Account Number: ")); @@ -335,7 +335,7 @@ public class BlindSqlInjection extends LessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } } catch (Exception e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index e19cedb5e..125a74ef7 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java @@ -85,7 +85,7 @@ public class CSRF extends LessonAdapter { if ( connection == null ) { - connection = DatabaseUtilities.makeConnection( s ); + connection = DatabaseUtilities.getConnection( s ); } String query = "INSERT INTO messages VALUES (?, ?, ?, ? )"; @@ -173,7 +173,7 @@ public class CSRF extends LessonAdapter { { if ( connection == null ) { - connection = DatabaseUtilities.makeConnection( s ); + connection = DatabaseUtilities.getConnection( s ); } Statement statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY ); @@ -228,7 +228,7 @@ public class CSRF extends LessonAdapter { if ( connection == null ) { - connection = DatabaseUtilities.makeConnection( s ); + connection = DatabaseUtilities.getConnection( s ); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index be22ba3cb..98e1a0a6c 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java 
@@ -208,7 +208,7 @@ public class Challenge2Screen extends SequentialLessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Statement statement3 = connection.createStatement( diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java index 0d48cf792..3d6c80344 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java @@ -99,7 +99,7 @@ public class DOS_Login extends LessonAdapter // Check if the login is valid if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } String query = "SELECT * FROM user_system_data WHERE user_name = '" diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index dbda60d45..906272639 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -428,7 +428,7 @@ public class SoapRequest extends SequentialLessonAdapter { try { - Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext()); + Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext()); if (connection == null) { return null; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index 900742d10..e3dfc3e6a 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java 
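Review bot: The SoapRequest web-service method hard-codes the account name in `DatabaseUtilities.getConnection("guest", getWebgoatContext())`, so it always reads the guest user's data regardless of which WebGoat user is working the lesson. Nothing visible in the hunk hands the connection back through `DatabaseUtilities.returnConnection("guest")`; the rest of the method is outside the hunk, so this may be handled there. The same literal is repeated in the WSDLScanning and WsSqlInjection hunks. A single named constant (for example a proposed `DatabaseUtilities.DEFAULT_DB_USER`) with a comment explaining why the SOAP endpoints use the guest schema would make that choice explicit and easier to change.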
@@ -122,7 +122,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } try @@ -188,7 +188,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(makeStationList(s)); @@ -288,7 +288,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Map stations = new TreeMap(); @@ -395,7 +395,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } } catch (Exception e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 64df2d7d4..df42d393d 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -98,7 +98,7 @@ public class SqlStringInjection extends SequentialLessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(makeAccountLine(s)); @@ -180,7 +180,7 @@ public class SqlStringInjection extends SequentialLessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(makeAccountLine(s)); 
@@ -311,7 +311,7 @@ public class SqlStringInjection extends SequentialLessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } } catch (Exception e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java index ee6dccf01..4fc3e586c 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java @@ -95,7 +95,7 @@ public class StoredXss extends LessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } String query = "INSERT INTO messages VALUES (?, ?, ?, ? )"; @@ -209,7 +209,7 @@ public class StoredXss extends LessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } // edit by Chuck Willis - Added logic to associate similar usernames @@ -331,7 +331,7 @@ public class StoredXss extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Statement statement = connection.createStatement( diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index 1654228f4..ee6edc9b8 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java 
@@ -75,7 +75,7 @@ public class ThreadSafetyProblem extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(new StringElement("Enter user name: ")); @@ -208,7 +208,7 @@ public class ThreadSafetyProblem extends LessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } } catch (Exception e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java index 3e52249ac..833ed7d34 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java @@ -221,7 +221,7 @@ public class WSDLScanning extends LessonAdapter int id = s.getParser().getIntParameter("id"); if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Table t = new Table().setCellSpacing(0).setCellPadding(2) @@ -290,7 +290,7 @@ public class WSDLScanning extends LessonAdapter { try { - Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext()); + Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext()); if (connection == null) { return null; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java index 71a40f265..052d85476 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java 
@@ -186,7 +186,7 @@ public class WsSqlInjection extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } ec.addElement(makeAccountLine(s)); @@ -246,7 +246,7 @@ public class WsSqlInjection extends LessonAdapter { try { - Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext()); + Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext()); if (connection == null) { return null; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java index 42c2c6bd6..146b978f0 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ProductsAdminScreen.java @@ -66,7 +66,7 @@ public class ProductsAdminScreen extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Statement statement = connection.createStatement( diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java index b29d0346e..229239947 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/RefreshDBScreen.java @@ -155,7 +155,7 @@ public class RefreshDBScreen extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } CreateDB db = new CreateDB(); 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java index b6e5d613e..99d212ae3 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java @@ -66,7 +66,7 @@ public class UserAdminScreen extends LessonAdapter { if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } Statement statement = connection.createStatement( diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java index 8509e9d49..2e93af869 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java @@ -77,7 +77,7 @@ public class ViewDatabase extends LessonAdapter if (connection == null) { - connection = DatabaseUtilities.makeConnection(s); + connection = DatabaseUtilities.getConnection(s); } if (sqlStatement.length() > 0) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java index f34e5608f..e9c072be3 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java @@ -6,6 +6,9 @@ import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.ResultSetMetaData; import java.sql.SQLException; +import java.util.HashMap; +import java.util.Map; + import org.apache.ecs.MultiPartElement; import org.apache.ecs.html.B; import org.apache.ecs.html.TD; 
@@ -46,23 +49,50 @@ import org.apache.ecs.html.Table; public class DatabaseUtilities { - /** - * Description of the Method - * - * @param s Description of the Parameter - * - * @return Description of the Return Value - * - * @exception ClassNotFoundException Description of the Exception - * @exception SQLException Description of the Exception - */ - public static Connection makeConnection(WebSession s) - throws ClassNotFoundException, SQLException - { - return makeConnection(s.getWebgoatContext()); - } - - public static Connection makeConnection(WebgoatContext context) + private static Map connections = new HashMap(); + private static Map dbBuilt = new HashMap(); + + public static Connection getConnection(WebSession s) + throws ClassNotFoundException, SQLException + { + return getConnection(s.getUserName(), s.getWebgoatContext()); + } + + public static Connection getConnection(String user, WebgoatContext context) + throws ClassNotFoundException, SQLException + { + Connection conn = connections.get(user); + if (conn != null && !conn.isClosed()) + return conn; + conn = makeConnection(user, context); + connections.put(user, conn); + + if (dbBuilt.get(user) == null) { + new CreateDB().makeDB(conn); + dbBuilt.put(user, Boolean.TRUE); + } + + return conn; + } + + public static void returnConnection(String user) + { + try + { + Connection connection = connections.get(user); + if (connection == null || connection.isClosed()) + return; + + if (connection.getMetaData().getDatabaseProductName().toLowerCase().contains("oracle")) + connection.close(); + } + catch (SQLException sqle) + { + sqle.printStackTrace(); + } + } + + public static Connection makeConnection(String user, WebgoatContext context) throws ClassNotFoundException, SQLException { Class.forName(context.getDatabaseDriver()); 
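Review bot: The static `connections` and `dbBuilt` maps in DatabaseUtilities are plain `HashMap`s that `getConnection(String, WebgoatContext)` and `returnConnection` read and write without any lock. The lesson hunks call `DatabaseUtilities.getConnection(s)` directly, so the `synchronized` on `WebSession.getConnection` does not protect them. Two concurrent requests for the same user can both open a connection and both run `makeDB`; declaring the method as `public static synchronized Connection getConnection(String user, WebgoatContext context)` and making `returnConnection` synchronized too would close that window. Separately, `connections.put(user, conn)` runs before `makeDB`, so if `makeDB` throws, the next call returns the cached connection early and the schema is never built. Moving the `put` below the `dbBuilt` block fixes that. The maps appear as raw types here (the generic parameters may have been lost in rendering); they should be `Map<String, Connection>` and `Map<String, Boolean>`.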
@@ -71,9 +101,9 @@ public class DatabaseUtilities String conn = context.getDatabaseConnectionString(); if (password == null || password.equals("")) { return (DriverManager.getConnection(conn)); - } else { - String user = context.getDatabaseUser(); - return DriverManager.getConnection(conn, user, password); + } else { + String userPrefix = context.getDatabaseUser(); + return DriverManager.getConnection(conn, userPrefix + "_" + user, password); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index f198d6d78..2bf949c5f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -156,8 +156,6 @@ public class WebSession private int previousScreen = ERROR; - private static Connection connection = null; - private int hintNum = -1; private boolean isAdmin = false; @@ -217,22 +215,13 @@ public class WebSession public static synchronized Connection getConnection(WebSession s) throws SQLException, ClassNotFoundException { - if ( connection == null || connection.isClosed() ) - { - connection = DatabaseUtilities.makeConnection( s ); - } - - return connection; + return DatabaseUtilities.getConnection(s); } - public static synchronized void closeConnection() throws SQLException - { - if (connection != null && !connection.isClosed()) { - connection.close(); - connection = null; - } + public static void returnConnection(WebSession s) { + DatabaseUtilities.returnConnection(s.getUserName()); } - + /** * Description of the Method * diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java index df7e95d12..e23118517 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java 
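Review bot: In `makeConnection`, the branch taken when `password` is null or empty still calls `DriverManager.getConnection(conn)` and ignores the new `user` argument. On a password-less configuration, every WebGoat user therefore gets a separate `Connection` to the same database, and `getConnection` would run `new CreateDB().makeDB(conn)` against that shared database once per user. The effect depends on what `makeDB` does, which is not visible here. In the other branch, the account name `userPrefix + "_" + user` is built from the session's user name, so that name must correspond to a database account that already exists. A comment such as `// DB account is <DatabaseUser>_<webgoat user>; accounts must be provisioned in advance` would document that contract, as would a check that rejects user names with no matching account. The method begins outside this hunk.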
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java @@ -1,7 +1,5 @@ package org.owasp.webgoat.session; -import java.sql.Connection; - import javax.servlet.http.HttpServlet; public class WebgoatContext { @@ -32,8 +30,6 @@ public class WebgoatContext { public final static String DEBUG = "debug"; - private static boolean databaseBuilt = false; - private String databaseConnectionString; private String realConnectionString = null; @@ -84,18 +80,6 @@ public class WebgoatContext { isDebug = "true".equals( servlet.getInitParameter( DEBUG ) ); servletName = servlet.getServletName(); - // FIXME: need to solve concurrency problem here -- make tables for this user - if ( !databaseBuilt ) { - try { - Connection conn = DatabaseUtilities.makeConnection(this); - new CreateDB().makeDB(conn); - conn.close(); - databaseBuilt = true; - } catch (Exception e) { - e.printStackTrace(); - } - } - } /** diff --git a/ webgoat/main/project/WebContent/WEB-INF/lib/hsqldb.jar b/ webgoat/main/project/WebContent/WEB-INF/lib/hsqldb.jar new file mode 100644 index 000000000..850ab21f1 Binary files /dev/null and b/ webgoat/main/project/WebContent/WEB-INF/lib/hsqldb.jar differ diff --git a/ webgoat/main/project/WebContent/WEB-INF/lib/idb.jar b/ webgoat/main/project/WebContent/WEB-INF/lib/idb.jar deleted file mode 100644 index ec2a40293..000000000 Binary files a/ webgoat/main/project/WebContent/WEB-INF/lib/idb.jar and /dev/null differ diff --git a/ webgoat/main/project/WebContent/WEB-INF/web.xml b/ webgoat/main/project/WebContent/WEB-INF/web.xml index 53458f502..5bf4fe126 100755 --- a/ webgoat/main/project/WebContent/WEB-INF/web.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web.xml @@ -145,17 +145,14 @@ DatabaseDriver - sun.jdbc.odbc.JdbcOdbcDriver - + org.hsqldb.jdbcDriver DatabaseConnectionString - - - jdbc:odbc:;DRIVER=Microsoft Access Driver (*.mdb);DBQ=PATH/webgoat.mdb;PWD=webgoat" + jdbc:hsqldb:. 
diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql b/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql index 723f7f649..0e6d26568 100755 --- a/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql +++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql @@ -1,9 +1,9 @@ -DROP USER webgoat CASCADE; -CREATE USER webgoat IDENTIFIED BY webgoat DEFAULT TABLESPACE users; -GRANT CONNECT, RESOURCE TO webgoat; -GRANT CREATE PROCEDURE TO webgoat; +DROP USER webgoat_guest CASCADE; +CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users; +GRANT CONNECT, RESOURCE TO webgoat_guest; +GRANT CREATE PROCEDURE TO webgoat_guest; -CREATE TABLE WEBGOAT.EMPLOYEE ( +CREATE TABLE WEBGOAT_guest.EMPLOYEE ( userid INT NOT NULL PRIMARY KEY, first_name VARCHAR(20), last_name VARCHAR(20), @@ -24,7 +24,7 @@ CREATE TABLE WEBGOAT.EMPLOYEE ( ); -CREATE OR REPLACE PROCEDURE WEBGOAT.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS stmt VARCHAR(32767);v_userid NUMBER; BEGIN stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; @@ -32,7 +32,7 @@ BEGIN END; / -CREATE OR REPLACE PROCEDURE WEBGOAT.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) AS +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) AS stmt VARCHAR(32767);v_userid NUMBER; BEGIN stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || ''''; @@ -40,7 +40,7 @@ BEGIN END; / -CREATE OR REPLACE PROCEDURE WEBGOAT.UPDATE_EMPLOYEE( +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE( v_userid IN employee.userid%type, v_first_name IN employee.first_name%type, v_last_name IN employee.last_name%type, 
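Review bot: The script now provisions only `webgoat_guest`, while the Java side of this commit connects as `<DatabaseUser>_<user name>` for every WebGoat user. On Oracle, any login other than guest would fail to connect unless a matching account and schema are created by hand. A header comment stating that this block (user, grants, table and procedures) must be repeated for each WebGoat account would make that requirement visible; turning the account name into a script substitution variable would do the same. The schema qualifier is also written in mixed case (`WEBGOAT_guest.EMPLOYEE`); Oracle folds unquoted identifiers to upper case so it still resolves, but matching the case of the `CREATE USER` line would read more clearly.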
@@ -82,7 +82,7 @@ BEGIN END; / -CREATE OR REPLACE PROCEDURE WEBGOAT.UPDATE_EMPLOYEE_BACKUP( +CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP( v_userid IN employee.userid%type, v_first_name IN employee.first_name%type, v_last_name IN employee.last_name%type, diff --git a/ webgoat/main/project/WebContent/database/webgoat.mdb b/ webgoat/main/project/WebContent/database/webgoat.mdb deleted file mode 100644 index fb0b2d492..000000000 Binary files a/ webgoat/main/project/WebContent/database/webgoat.mdb and /dev/null differ