@fyjham said:
Hey, let's do this with our database designs. If we design a weird enough database then we don't have to worry about SQL injection cause they won't know what to do if they get access! :)
In one company I was sold to, I was responsible for moving an IBM iSeries machine to an offsite hosting facility where we had a private rack and a connection to the internet. The iSeries had been (and still was) administered over telnet and still had some default passwords (QSECOFR, anyone?) no one had bothered to change. The rack had been housing some Linux boxes I also maintained, which had their firewalls tightened up, so I hadn't seen the need to add a firewall in front of them. But telnet access, default passwords, egads. So I went to The Boss and asked if we shouldn't buy and install a firewall to protect the iSeries machine. He said that it wasn't necessary, since even if someone managed to log in, they wouldn't be able to figure out what to do with the thing!
In the end sanity prevailed, a firewall was bought and installed, and administration was then done over VPN. Not long afterwards I changed jobs...