Re: It's not about the product
The reason why developers are giving users access to the DB is because of poorly trained, lazy and stupid DBAs who grant full access to developers...Security is the responsibility of the DBA.
NO. Security is the responsibility of EVERYONE. Yes, the DBA should not be allowing developers to set access controls. But even if a DBA makes such a mistake, that doesn't excuse the developers employing boneheaded programming practices that extend such weaknesses to the users.