+ // In theory, we should check database authorisation for
+ // extended services, too (A) the proxy currently does not
+ // implement XS and turns off its negotiation bit; (B) it
+ // would be insanely complex to do as the top-level XS request
+ // structure does not carry a database name, but it is buried
+ // down in some of the possible EXTERNALs used as
+ // taskSpecificParameters; and (C) since many extended
+ // services modify the database, we'd need to more exotic
+ // authorisation database than we want to support.