Just about every (web)application being built uses just one SQL user to do all its queries. This SQL user usually has all privileges to read data from the database, as well as perform UPDATE, INSERT & DELETE queries.
Wouldn’t it be a good idea to use a separate SQL user with only SELECT privileges to perform all your data-retrieval (= most common) queries? This read-only user could greatly increase the security in your application, too.
Say you forget to sanitize your input (shame on you!), and someone manages to perform a SQL Injection. If you performed the query with only SELECT privileges, the SQL Injection Attack suddenly seems a lot less harmful. No DROP TABLE statements, UPDATE or DELETE – it’s only possible to append another SELECT statement to your query … So it’s still possible to read data that wasn’t ment to be read, but there’s no permanent damage to your database as a result.
You could stretch this pretty far too, using an UPDATE-only user for every UPDATE query, DELETE queries to be handled by a DELETE-only user, … This isn’t what I mean, of course :-)
But just think about it, use the privileges/right management that your database-system provides you, and use them. This isn’t even that hard to implement, if you’re using any form of database-class/database-handler – but it will make your application a lot more secure.