An application server environment that uses connection pooling is augmented to include a database access control system having a database firewall. When the database firewall detects a security violation with respect to a request received via a pooled connection, the firewall skips over (i.e. do not forward) the violating request and instead creates an artificial error database protocol packet corresponding to the application request. The database firewall then sends the error database protocol packet as a response back to the application, using the pool connection. The application receives the database error as a response to the security violating request, and it responds by releasing the connection of the policy violation database user. By releasing the pool connection is this manner, the performance of other applications (or other clients) using the connection pool is not impacted. Preferably, the error packets include no sensitive information.