I've been dealing with a security product from a security company
in recent days that breaks best practices with respect to the
database configuration. This has reminded me of the list of
issues I've seen over the past six months that have raised my
ire. I'll rail mostly at products that use SQL Server as the
back-end, but I'll save the last example for one that uses MySQL.
It's not the database products that are weak. It's the
application implementation on them!
Case #1: Don't EVER use SA and don't enable the network if you don't have to!
This said security product recommends the use …