Hi ikegami,
You're right, I'm not being specific enough. By "break into my db server" I really mean "obtain a copy of my database".
- How would the attacker do that? Gaining shell access to my server and doing a live dump of the db (only I have access to the machine, no shared hosting or anything), stealing my backups, etc.
- Chance of the attack happening: hopefully very low, but since I'm dealing with medical info I'm compelled to encrypt the database anyway.
- The cost of a successful attack: a whole lot of badness.
- The costs of the possible counter-measures and the effectiveness of the possible counter-measures: the point of my post is to find out if any counter-measures exist, suggestions welcome!
I'm not so much concerned with SQL injection in regards to this question, although I totally agree it's a really tough hole to protect against and something I'll also need to address in my code.
Cheers,
Patrick
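One counter-measure that fits the threat described above (a stolen dump or backup) is to encrypt the sensitive columns in the application before they are written, under a key the database never sees. The following is an added example, not code from Patrick, ikegami or the thread; it is written in Go for its standard-library AES-GCM and assumes a hypothetical `patients.diagnosis` column, a key that in real use would come from an environment variable, KMS or HSM (here derived from a constant only so the example runs offline), and a constructed in-memory "dump" standing in for the stolen copy. The table, column and row id are bound into the ciphertext as associated data so a value lifted from one row cannot be replayed into another.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// fieldKey stands in for a 32-byte AES-256 key held outside the database
// (environment, KMS, HSM). Deriving it from a constant is an assumption of
// this example so it runs offline; do not do this in production.
var fieldKey = sha256.Sum256([]byte("example-key-not-for-production"))

// aad binds a ciphertext to the table, column and row it belongs to, so a
// value copied from one row into another fails authentication on decrypt.
func aad(table, column, rowID string) []byte {
	return []byte(table + "\x00" + column + "\x00" + rowID)
}

// EncryptField seals one column value with AES-256-GCM under key and returns
// base64(nonce || ciphertext || tag), which can be stored in a TEXT column.
func EncryptField(key []byte, table, column, rowID string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext and tag after the nonce prefix.
	sealed := gcm.Seal(nonce, nonce, plaintext, aad(table, column, rowID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField. Any change to the stored bytes, the
// key, or the table/column/row it is looked up under yields an error.
func DecryptField(key []byte, table, column, rowID, stored string) ([]byte, error) {
	sealed, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("stored value too short to hold a nonce")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad(table, column, rowID))
}

// DumpLeaksPlaintext models an attacker reading a stolen dump or backup
// without the key: it reports whether any stored value (as stored, or after
// base64 decoding) contains secret in the clear.
func DumpLeaksPlaintext(dump map[string]string, secret []byte) bool {
	for _, v := range dump {
		if bytes.Contains([]byte(v), secret) {
			return true
		}
		if raw, err := base64.StdEncoding.DecodeString(v); err == nil && bytes.Contains(raw, secret) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample row: one patient's diagnosis, stored encrypted.
	diagnosis := []byte("hypertension")
	enc, err := EncryptField(fieldKey[:], "patients", "diagnosis", "42", diagnosis)
	if err != nil {
		panic(err)
	}
	encryptedDump := map[string]string{"patients.diagnosis.42": enc}
	plaintextDump := map[string]string{"patients.diagnosis.42": string(diagnosis)}
	fmt.Println("encrypted dump leaks plaintext:", DumpLeaksPlaintext(encryptedDump, diagnosis))
	fmt.Println("plaintext dump leaks plaintext:", DumpLeaksPlaintext(plaintextDump, diagnosis))
	pt, _ := DecryptField(fieldKey[:], "patients", "diagnosis", "42", enc)
	fmt.Println("application holding the key recovers:", string(pt))
	_, err = DecryptField(fieldKey[:], "patients", "diagnosis", "43", enc)
	fmt.Println("same ciphertext replayed under row 43:", err)
}
```

This defends against the "stolen backups" and offline-dump cases: the dump holds only ciphertext and the key is not in it. It does not defend against the other case listed, an attacker with a shell on the same machine where the application holds the key in memory or in its config; for that scenario the real problem is key custody (separate host, KMS or HSM, short-lived access), not the cipher. Note also that encrypted columns cannot be searched or indexed by the database, so the choice of which fields to encrypt is a design decision rather than a blanket switch.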