On 25/08/2016 15:58, Hohl, Gerrit wrote:
Yes, but an attacker can't access the database if that person is not on the machine itself.
Exactly.
And in this case I also don't have to encrypt it, right? ;-)
As long as you don't allow remote shells or anything stupid like that. And if an attacker does manage to get a shell running on your machine, encrypting your DB connection is probably the least of your worries.
-- John English
