On Sun, Feb 08, 2004 at 11:24:56PM -0800, Josh Berkus wrote:
> The problem with this approach, of course, is that large application
> developers generally like to make the database fairly "passive" and put all
> business & security logic in the middleware. I do think it would be useful
> for them to realize that they are sacrificing a significant portion of their
> data security by doing so.

Perhaps what would be best is some kind of a 'best practices' guide. There's far more that people should consider beyond just quoting strings; Josh's example is just one thing. If written carefully, such a guide could serve both experienced DBAs as well as people who are very new to databases, since every database has its own preferred way of doing things.

--
Jim C. Nasby, Database Consultant [EMAIL PROTECTED]
Member: Triangle Fraternity, Sports Car Club of America
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"