Most computer security problems arise from buggy code. It seems clear that writing large, bug-free programs is and will remain beyond our abilities. We propose a different goal: protecting what really matters. On e-commerce sites, the web server is primarily a front end for a database. Protecting the latter is much more important than protecting the former. Doing this properly requires a different approach to overall system architecture.