/**
   * Add a new user to MedSavant.
   *
   * @param sessID the session we're logged in as
   * @param user the user to add
   * @param pass the password
   * @param level the user's level
   * @throws SQLException
   */
  @Override
  public synchronized void addUser(String sessID, String user, char[] pass, UserLevel level)
      throws SQLException, SessionExpiredException {
    PooledConnection conn = ConnectionController.connectPooled(sessID);
    try {
      if (user.startsWith(DATABASE_USER_KEY_PREFIX)) {
        throw new SQLException("Can't create user " + user + " -- illegal username");
      }
      // TODO: Transactions aren't supported for MyISAM, so this has no effect.
      conn.setAutoCommit(false);

      conn.executePreparedUpdate("CREATE USER ?@'%' IDENTIFIED BY ?", user, new String(pass));
      grantPrivileges(sessID, user, level);
      conn.commit();
    } catch (SQLException sqlx) {
      conn.rollback();
      throw sqlx;
    } finally {
      for (int i = 0; i < pass.length; i++) {
        pass[i] = 0;
      }
      conn.setAutoCommit(true);
      conn.close();
    }
  }
  @Override
  public synchronized void changePassword(
      String sessID, String userName, char[] oldPass, char[] newPass)
      throws SQLException, RemoteException, SessionExpiredException {
    PooledConnection conn = ConnectionController.connectPooled(sessID);
    try {
      conn.setAutoCommit(true);

      // Check that old password is valid.
      ConnectionController.revalidate(userName, new String(oldPass), sessID);

      // TODO: Check the new password against the current mysql password policy.
      // Change the password
      conn.executePreparedUpdate("SET PASSWORD FOR ? = PASSWORD(?)", userName, new String(newPass));
    } finally {
      for (int i = 0; i < oldPass.length; ++i) {
        oldPass[i] = 0;
      }
      for (int i = 0; i < newPass.length; ++i) {
        newPass[i] = 0;
      }
      conn.close();
    }
  }