Q2:
Will DB encryption help stop Struts vulnerabilities, e.g., the recent one?
Is the following true (someone told me):
If hackers directly access the database (say, using SQL query tools/commands to get sensitive data) on an encrypted DB, they would be stopped; if they hacked a user password or exploited a website (that had vulnerable Struts) to the encrypted DB, it would be no help.
It's kinda saying if my PC's HDD is encrypted (with a PBA password required), hackers can't access a powered-down HDD, but if the PC is powered up & logged in & there's a remote execution vulnerability to my OS, hackers can still get data out of my encrypted HDD via this remote execution vulnerability: is this a fair analogy?
Sun