Web applications are the Achilles' heel of database security, says DarkReading Database in its tally of the top six database breaches of 2010. In the #2 spot is the University of Louisville, where a staff doctor set up a Web app that tapped into a database of dialysis patients. His neglect to use password protection put hundreds of patient records at risk; records were openly available online for more than a year. A good Samaritan eventually informed the university via email. Article