From banks to retailers, from telcos to corner shops, nobody gives a fucking shit. Even the most basic precautions appear to be too much trouble, let alone doing it seriously. I suppose with our glorious government leaving data all over the place, why should they care?
Apart from the fact that it's one rule for them and a different rule for us, of course!
Take half a day to sort out some basics:
- Can someone pick up your server and walk out the building with it? If so, make it someone else's problem to sort that out! Easy!
- Keep your database server reasonably current. Security fixes land at unpredictable times as vulnerabilities are discovered, so staying patched isn't an unreasonable thing to ask.
- Deny write permissions for server binaries and key files, and see where you can trim read access.
- Have a password policy for root, informix, oracle, whatever. If your database has a bunch of default access passwords, change them!
- Try not to use /tmp for anything database-related.
- Only install from a trusted source. Take a checksum on binaries after the install, and check it every month or so.
- Encrypt communications between clients and servers or servers and other servers. Mostly, you can make this a sysadmin's problem. Try for SSL, because it's being maintained and enhanced continuously.
- Set DBCREATE_PERMISSION in your onconfig, so only the users you list there can create databases.
- Use NODEFDAC (set it to yes in the environment), so new tables and routines don't get default privileges handed to PUBLIC.
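As an added example for the permissions and checksum items above (not from the original post), a POSIX shell script that records a SHA-256 baseline of the server's binaries right after install and later re-checks it, flagging anything changed, missing or group/world-writable. It assumes GNU coreutils (sha256sum, find) and a directory such as $INFORMIXDIR/bin; the paths and file names in it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Item 9: snapshot checksums after a trusted install, then verify monthly.
# Item 6: while verifying, also flag binaries writable by group or others.
# Assumes GNU coreutils; the directory to scan (e.g. $INFORMIXDIR/bin) is
# an assumption and is passed in as an argument.

# make_baseline DIR OUTFILE
# Writes one "sha256  path" line per regular file under DIR, sorted by path.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f -exec sha256sum {} + | sort -k2 > "$out"
}

# verify_baseline BASELINE
# Prints one line per problem (MISSING / CHANGED / WRITABLE).
# Returns 0 only when every file matches and none is group/world-writable.
verify_baseline() {
    baseline=$1; status=0
    while read -r hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        now=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$now" != "$hash" ]; then
            echo "CHANGED  $path"; status=1
        fi
        # POSIX find: -perm -020 = group write bit set, -perm -002 = other write bit set
        if [ -n "$(find "$path" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $path"; status=1
        fi
    done < "$baseline"
    return $status
}

# Typical use (paths are assumptions):
#   make_baseline "$INFORMIXDIR/bin" /var/lib/dbsec/informix-bin.sha256   # once, after install
#   verify_baseline /var/lib/dbsec/informix-bin.sha256                    # from cron, monthly
```

Keep the baseline file somewhere the database user cannot write, otherwise whoever changes a binary can update the baseline to match.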
Come on, get off your arse!