Hi Brian,

quote:

---

Like I said, as a DBA, you're really hand-cuffed if the developer doesn't build the application securely. Hence the reason for code reviews. Pair programming, a la Extreme Programming, ain't a bad practice, either, so long as one of the programmers is versed in defensive programming.

---

not only SQL Security or app security is relevant. If you're talking about ASP ISP one really huge security hole is the provider himself and his knowledge about the Windows OS he is using. I have a script utilizing the FileScriptingObject I used to test my provider and he fails the test. If it is wanted I will post the script (of course, only for demonsration purposes only!!!!)

Cheers,

Frank