It seems that an increasing amount of IT effort is being consumed by security issues. Plugging every potential hole can lead to tedious verification procedures and bloated code. Some aspects of system design were easier in the old days before WANS and TCP/IP. It seems we're moving backward, gaining red tape over time because of the need for more gates and guards at every layer. And even with all this extra time we spend, we're still not thorough enough. To do it "right" would require security auditors, security QA inspectors, etc. At what point does this become more expensive than the risk of breach? --top ''BadSecurityIsExpensive, too. A security hole can cost millions of dollars in recovery, supposing it is even recoverable. Examples abound in news and literature of security breaches hurting both legitimate businesses and criminal enterprises. There is a point at which the benefits from security can't be justified by the expense, I agree. But that point depends upon the assets being protected. It is, perhaps unfortunately, difficult to measure the cost that an attack would have had were it not prevented. It's sometimes even difficult to measure the cost a successful attack has... e.g. the cost from bad publicity due to having credit-card information stolen from your database.'' ''As a note, I appreciate the effort IT is making towards security issues, even though they aren't doing it right. I would NOT willingly and knowingly entrust MY information to someone who treats security or privacy casually. However, I would better appreciate more language support for making security easy... so that 'doing it right' is the natural thing, rather than the extra mile (or league).'' Most of the high-profile breaches relate to names, SSN's, credit card#s, and addresses of customers. For many processes you don't need these, so it makes sense to create for example a marketing research data warehouse that does not store these items. Even the customer number can be eliminated (or replaced with a mapped one) if you work it right. In short, don't carry around sensitive crap you don't need. Often it is helpful for other reasons to project data into tables or views that fit particular departments or users. Thus, one might as well trim out sensitive items in the process. --top Oh, I agree. Database security can't be improved by removing these things, but, where possible, you can make them lower-profile targets, thereby reducing the potential damage from any actual breach. One can consider this a form of PrincipleOfLeastPrivilege performed slowly, by hand. ------ CategorySecurity