What are the security implications of websites accessing database views instead of using stored procedures? The views in question are only being read from, not written to.

Edit:

The applications in question are ASP.Net MVC 2 using the Entity Framework (v.4).

+2  A: 

One security implication - probably the biggest: Views leave you open to the same SQL Injection flaws that accessing tables directly does, if you're building your select statement based on user input.

That's about it, and only if you're basing your SQL statement on input. If you just have a view that is static and you never filter or sort based on input, just select fields from the view, you're no safer or less safe than with a stored procedure that returns the same results without parameters.

Other than that, using stored procedures is, in my opinion, just a good habit, and in SQL Server you get optimization features from stored procedures, but that's not security related.

David Stratton
Good to know. I'm retrieving some IDs from user controls, but no "custom" user input. Data is included in Linq statements and lambda expressions and - where appropriate - is sanitised first.
Phil.Wheeler
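A minimal illustration of the answer's point, added here and not taken from the question or answer: both functions read only from a view, but the one that splices the filter into the statement text is injectable, while the one that binds it as a parameter is not. It uses Python with sqlite3 and a constructed table and view instead of the ASP.NET MVC / Entity Framework stack in the question (LINQ-generated queries are parameterized, which is why the commenter's use of IDs in lambda expressions falls on the safe side).

```python
import sqlite3


def build_db():
    """Constructed sample schema: a base table plus a read-only view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY, name TEXT, region TEXT, ssn TEXT);
        INSERT INTO customers VALUES (1, 'Alice', 'north', '111-11-1111');
        INSERT INTO customers VALUES (2, 'Bob',   'south', '222-22-2222');
        INSERT INTO customers VALUES (3, 'Carol', 'north', '333-33-3333');
        -- The view hides the ssn column; it grants no protection against
        -- a caller-controlled WHERE clause, which is the answer's point.
        CREATE VIEW customer_public AS
            SELECT id, name, region FROM customers;
        """
    )
    return conn


def names_by_region_concat(conn, region):
    """Vulnerable: user input becomes part of the SQL text."""
    sql = "SELECT name FROM customer_public WHERE region = '" + region + "'"
    return sorted(row[0] for row in conn.execute(sql))


def names_by_region_param(conn, region):
    """Hardened: user input travels as a bound parameter, never as SQL."""
    sql = "SELECT name FROM customer_public WHERE region = ?"
    return sorted(row[0] for row in conn.execute(sql, (region,)))


if __name__ == "__main__":
    db = build_db()
    # Legitimate filter: both variants agree.
    print(names_by_region_concat(db, "north"))   # ['Alice', 'Carol']
    print(names_by_region_param(db, "north"))    # ['Alice', 'Carol']
    # Constructed malformed filter: the concatenated query's WHERE clause
    # collapses to a tautology and every row in the view comes back; the
    # parameterized query simply finds no region with that literal name.
    bad = "' OR '1'='1"
    print(names_by_region_concat(db, bad))       # ['Alice', 'Bob', 'Carol']
    print(names_by_region_param(db, bad))        # []
```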