Encrypting the data reduces the attacker’s options, and allows you to focus your resources on hardening the application against attack, safe in the knowledge that an attacker who gets into the database directly isn’t going to get anything valuable.
And what’s more likely, you get access to my public facing crappy node or Rails app or the Postgres server on a private local network?
And what’s more likely, you get access to my public facing crappy node or Rails app or the Postgres server on a private local network?