Encryption of databases - why?

Let me start by stating I am asking this question for my situation in particular. I know other people have their own ;). With that out of the way…

On a machine that already has the hard disk encrypted with FileVault (or T2-based Mac) and is used by one person what is the point of putting databases in an encrypted bundle?

Even if you’re using FileVault, if you’re logged in and you wander off to the bathroom in a coffee shop, I can walk over and open your databases and AirDrop myself some stuff. If you are using an encrypted database, I would be foiled by not knowing your password to open it.

Maybe. Except I don’t leave my laptop alone anywhere in public (more likely to get stolen) :wink: And even in that situation if my laptop weren’t at the lock screen I’d most likely have all of my databases open anyhow and accessible even if they were encrypted. The old adage about once someone has access to the console all bets are off is certainly true.

Db encryption doesn’t only protect you against physical access, it’s an additional layer of protection. Certain types of malware could for example manage to retrieve and send files over the internet while you are logged in and working on your machine. Having more sensitive records encrypted gives you some welcome additional protection.