This was actually posted about a week ago; I fell behind a little while travelling. Building a Security Philosophy was written to get people to think about how they approach security. Do you give the proverbial Junior DBA only partial access? Do you believe in direct table access? Do you use the built-in roles?
I have opinions on the topic, but it's not clear that there are always right answers, and some are definitely situational. Many of us hold the philosophy we acquired at our first job, or from our first manager or peer; at some point it's worth revisiting it to decide whether we still agree with principles held for so long!
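To make the three questions above concrete, here is an added T-SQL example (not from the original post or the linked article) showing the three ways they describe of giving a junior DBA read access, from broadest to narrowest, plus a check of what the user actually ends up with. The database, login, schema and table names are hypothetical; in practice you would pick one of the three options rather than run all of them.

```sql
-- Added example, not from the original post. SQL Server 2005+ syntax.
-- Assumes a database SalesDB and a server login junior_dba already exist (hypothetical names).
USE SalesDB;
GO
CREATE USER junior_dba FOR LOGIN junior_dba;
GO

-- Option 1: the built-in fixed role. SELECT on every table and view in the
-- database, including ones created later, so the scope grows on its own.
EXEC sp_addrolemember 'db_datareader', 'junior_dba';
GO

-- Option 2: direct table access, one explicit grant per object.
-- Nothing is granted on dbo.CreditCards, so it stays out of reach.
GRANT SELECT ON dbo.Orders    TO junior_dba;
GRANT SELECT ON dbo.Customers TO junior_dba;
GO

-- Option 3: no table access at all. The user may only EXECUTE procedures in the
-- reports schema; the procedures read the tables on the user's behalf through
-- ownership chaining (procedures and tables both owned by dbo).
CREATE ROLE sales_reporting;
GRANT EXECUTE ON SCHEMA::reports TO sales_reporting;
EXEC sp_addrolemember 'sales_reporting', 'junior_dba';
GO

-- Verify the effective permissions rather than trusting the intent:
-- impersonate the user and list what it can do on a sensitive table.
EXECUTE AS USER = 'junior_dba';
SELECT permission_name FROM fn_my_permissions('dbo.CreditCards', 'OBJECT');
REVERT;
GO
```

With only option 2 or 3 applied, the permission list for dbo.CreditCards comes back empty; with option 1 applied it contains SELECT, which is exactly the difference between a built-in role and granting by object.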
There have been many posts, including this one, about as many as 70,000 sites being hacked using SQL injection and a vulnerability in MDAC that was patched in Sep 2006. You can see what's still out there by searching Google for UC8010 and finding it listed in the link title along with a script tag. Definitely a good idea to make sure you're not listed!
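Searching Google tells you whether the injected text has already been crawled; checking the database itself tells you whether it is there at all. This is an added T-SQL example (not from the original post) that scans every character column of the current database for an injected script tag. The table and column names come from INFORMATION_SCHEMA, so nothing in it is specific to one schema; the search pattern is an assumption based on the tag being appended to text columns.

```sql
-- Added example, not from the original post. SQL Server 2005+.
-- Run in the affected database with a user that can read all base tables.
SET NOCOUNT ON;

-- Assumed pattern: the injection appended a <script src=...></script> tag to text columns.
DECLARE @pattern NVARCHAR(100);
SET @pattern = N'%<script%';

CREATE TABLE #hits (schema_name SYSNAME, table_name SYSNAME, column_name SYSNAME, hit_count INT);

-- Build one INSERT ... SELECT COUNT(*) per character column. QUOTENAME guards the
-- generated SQL against odd identifiers, and the pattern is passed as a parameter.
DECLARE @sql NVARCHAR(MAX);
SET @sql = N'';
SELECT @sql = @sql
    + N'INSERT INTO #hits (schema_name, table_name, column_name, hit_count) '
    + N'SELECT ' + QUOTENAME(c.TABLE_SCHEMA, '''') + N', '
                 + QUOTENAME(c.TABLE_NAME,   '''') + N', '
                 + QUOTENAME(c.COLUMN_NAME,  '''') + N', COUNT(*) '
    + N'FROM ' + QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME) + N' '
    + N'WHERE ' + QUOTENAME(c.COLUMN_NAME) + N' LIKE @p '
    + N'HAVING COUNT(*) > 0;' + CHAR(10)
FROM INFORMATION_SCHEMA.COLUMNS c
JOIN INFORMATION_SCHEMA.TABLES t
  ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
WHERE t.TABLE_TYPE = 'BASE TABLE'
  AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

EXEC sp_executesql @sql, N'@p NVARCHAR(100)', @p = @pattern;

-- Any row here is a column to inspect by hand and, after cleanup,
-- a reason to go looking for the injection point in the application.
SELECT schema_name, table_name, column_name, hit_count
FROM #hits
ORDER BY hit_count DESC;

DROP TABLE #hits;
```

An empty result is what you want. Columns that legitimately store HTML will show up too, so narrow @pattern (for example to the specific host in the script src) before treating a hit as a compromise; and a clean database today says nothing about the injection point that put the tag there, which is the part that still needs fixing.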