True

False

Using eval() on inputs

Strict input validation and parameterized queries

Giving the DB user full admin rights

Store large BLOBs

Perform automated database backups

Manage and audit encryption keys/secrets safely

It’s slow

It can execute arbitrary code from the user

It can’t handle strings

It doesn't support variables

There is no problem with that

Because people with log access can see them breaking least privilege rule

Because logs are often accessible and can leak secrets

In a .env file committed to the repo

As a plaintext string in your source code

In Azure Key Vault with restricted access

Inside a shared Excel file on SharePoint

Data duplication

Time zone issues

Code duplication

Lateral movement in case of a breach