There is an old adage that states, "there are no free lunches".
This cannot be more true than in the case of universal data access (ODBC, JDBC, ADO.NET, and OLE-DB) and security. There is a recently published article on our web site that sheds light on how we have engineered our data access technology to enable our customers enjoy secure and high-performance database connectivity when utilizing any of our Multi-Tier Database Connectivity drivers.
It is no secret that technologies such as ODBC, and to a fair degree JDBC, have generated a good share of undeserved criticism over the years in relation to their fundamental value propositions (providing transparent access from compliant applications to backend databases via seperation of application and database connectivity APIs), and that one of the unfortunate offshoots of this negative press is the contradictory perception that these components are valueless (i.e. they are worth $0.00). Thus, the emergence of the "free is good enough" syndrome which is predicated on the misconception that data access drivers (data source connectivity API implementations) simply provide connectivity and that's it.
If you want to open up your organization (whatever your variation internal, external, internet, extranet, intranet etc.) for the worst of all worlds (deliberate or inadvertent attacks on your data) the FREE is GOOD. Otherwise, when dealing with data access drivers you have to bear the following in mind (covered in detail in the data access security article):