• Eric M Russell (4/12/2011)


    Just for clarification, I didn't intend to compare fellow developers who occasionally code ad-hoc SQL to those other guys (idiots) who make u-turns on the interstate highway. It's not the same thing, and I myself have been in situations where I've had to resort to coding ad-hoc SQL to solve some problem like pivoting or complex filtering that would still require dynamic SQL even if it were done in a stored procedure. Even in that case, I'll grant the application account select permission on only the specific tables it needs.

    It was just that I think interstate dividers are a good non-IT example of implementing the Principle of Least Privilege.

    🙂

    I didn't take it as a "developers suck" as much as "people will take shortcuts if they can".