Transparently encrypted storage of *any* kind (storage engine
based data encryption, TrueCrypt volume encryption, bitkeeper,
etc.) is *just as insecure* against most types of attack as
non-encrypted data. SQL injection or security escalation
vulnerabilities, operating system vulnerabilities and cross-site
scripting attacks could give attackers access to the database
data. It doesn't matter whether you encrypt the database's
physical storage in the database itself (in the storage engine
layer) or on disk (at the filesystem level), since either way the
data is presented unencrypted through the SQL
interface.

Transparent encryption is great for protecting the data on your
laptop if the laptop is stolen. It is very unlikely that
someone will attack your server by stealing it.

It doesn't protect you from a malicious SQL injection that drops
all your tables or reads all your data.
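
The point above, as an added example that is not code from the original post: the stored bytes are ciphertext, yet an injectable query still returns every row in the clear, while a bound parameter does not. The table, rows, key, function names and the toy XOR cipher standing in for storage-level encryption are all constructed for illustration.

```python
import hashlib
import sqlite3

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def at_rest_cipher(data: bytes, key: bytes = KEY) -> bytes:
    """Toy SHA-256 counter keystream XOR; a stand-in for storage-engine or
    volume encryption so the example needs no third-party library."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)  # XOR is symmetric: the same call decrypts


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",  # constructed rows
                     [("alice", "111-11-1111"), ("bob", "222-22-2222")])
    return conn


def stored_bytes(conn: sqlite3.Connection) -> bytes:
    """What someone holding only the stolen disk sees: ciphertext."""
    return at_rest_cipher("\n".join(conn.iterdump()).encode())


def lookup_vulnerable(conn, name: str):
    # Input is pasted into the statement, so it can change the query itself.
    sql = "SELECT name, ssn FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name: str):
    # Input is bound as a value and can never become SQL syntax.
    return conn.execute(
        "SELECT name, ssn FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    crafted = "x' OR '1'='1"  # constructed input for the demonstration
    print("plaintext on disk:", b"111-11-1111" in stored_bytes(db))
    print("vulnerable lookup:", lookup_vulnerable(db, crafted))
    print("parameterized lookup:", lookup_parameterized(db, crafted))
```
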
If you are …