Quote:
All the apps I like to see use stored procs, but my requirements are not performance based, but security based, and it is much easier to meet FSA requirements with a limited set of stored procedures.
I can see that, and it's a good point. Our users are all internal to the company, so security isn't AS big of a deal. Still, it's an important consideration since no project stays confined to the rules under which it was initially developed, especially with regards to security.

Quote:
It is so common to see an app which appears secure at first glance but is vulnerable to a simple SQL Injection atack, thus rendering all the front end security laughable.
I would like to point out that I was referring to paramaterized in-line SQL, which is not vulnerable to SQL Injection attacks (not that any one who has access to these systems would know what a SQL Injection attack is). I do realize, however, that SQL Injection is not the only security concern that Stored Procs address. They can really allow you to lock down all access and tightly control what is being done to the data.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.