Comment Re:Software testing ... what a novel concept (Score 1) 108
The error here is that the programmer was given a login to a database and that login had been granted "DELETE" permissions. On vital systems, the standard software should basically never be granted "DELETE" permissions, only CREATE, SELECT and UPDATE. Deleting a record should involve setting its status to "deleted" nothing else. There is only one reason (except the obvious ability to use referential integrity when doing business operations) to delete something from a table, and that is to free up space. Since it costs less to add more storage to the system than it does to pay a programmer to enter "DELETE FROM WHERE LAST_UPDATED
Programmers do frequently need to be given access to databases, and as such they will typically have lots of access to sensitive data. Sadly most companies include delete access when granting to the logins the developers use. That is never necessary. Only a single login should have delete access, and it should be strictly monitored.