It's as secure as the client. In other words, if you've set up DB access correctly so that the login provided only has permissions to do certain things - then anyone with that login only has permissions to do the same things your app does.
In other words - no it's not secure. But it's not really supposed to be either. Security is enforced at the database in this situation.
|