Where possible I've always used stored procedures as the only way for the 'users' to access the DB, Most DBs have fairly comprehensive security that means an admin can prevent users from doing anything unless specifically allowed.
Where possible I've always used stored procedures as the only way for the 'users' to access the DB, Most DBs have fairly comprehensive security that means an admin can prevent users from doing anything unless specifically allowed.