This paper describes a database management system (DBMS) modified to use hardware write protection to guard critical DBMS data structures against software errors. Guarding (write- protecting) DBMS data improves software reliability by providing quick detection of corrupted pointers and array bound overruns. Guarding will be especially helpful in an extensible DBMS since it limits the power of extension code to corrupt unrelated parts of the system. Read-write data structures can be guarded as long as correct software is able to temporarily unprotect the data structures during updates. The paper discusses the effects of three different update models on performance, software complexity, and error protection. Measurement of a DBMS which uses guarding to protect its buffer pool show two to eleven percent performance degradation in a debit/credit benchmark.