Defer all direct database access to a middle-tier process that prompts for a user at startup.

I'm in the process of building something like that at the moment. Essentially it's an internal web server that accepts connections from hosts on the local net. This process connects to the Sybase database with a specific user/password that is only allowed to execute stored procedures. Each stored procedure checks and that the remote user/host that wants to execute it is authorized to do so.

It's probably not completely fool-proof, but it greatly limits the damages that any compromise of the front-end web servers could cause.

Michael