I don't think you can secure it completely but you can detect changes. A trigger as suggested will work except with outright sabotage where someone disables the trigger! To cover that, have an encrypted validation field (a hash total or something) which you gui compares with the actual data. Any discrepancy then generates an alert and you will need to do a restore (or look it up in a 'shadow' database on a different server with completely different permissions).