Certainly, systematic attacks like unpatched vulnerabilities are the DBA's issue, but most SQL Injection and other issues are not hte DBA's problem, they are the application developer's problem.
The statement: >>You have no idea where the sensitive data resides and even though some tools exist that try to identify sensitive data automatically, they are far from perfect, far more expensive and less thorough than if you simply ask the DBA.
lists the biggest issue in my mind with security: everyone thinks the DBA is a God.
The DBA doesn't have the slightest idea what is stored in the database - especially for anything other than a simple 7 table OLTP benchmark app. Most modern ERP systems are far too complex for the DBA to know anything about the data they contain.
== John ==
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
