What is the most significant flaw in the system architecture where a payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID?