I have been a big proponent of encrypting the content database for a long, long time. You can see that in the event handlers and custom actions in the SharePoint Designer labs that I built for my 50064 course. When you encrypt, though, you gain security at the cost of functionality (search, browsing, all kinds of things…). On the other hand, just leaving your content database for a DBA to handle means that you have a security hole (the DBA). They simply have to run the attached program to dump the contents of the content database. Super easy…super big hole…and…super fast!
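    using System.Collections;
    using System.Data;
    using System.Data.SqlClient;
    using System.IO;

    static void Main(string[] args)
    {
        Hashtable ht = new Hashtable();   // how many times each leaf name has been seen
        SqlConnection conn = new SqlConnection("server=localhost;database=wss_Content;uid=sa;pwd=Pa$$w0rd");
        conn.Open();
        SqlCommand cmd = conn.CreateCommand();
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = "select * from alldocs ad, alldocstreams ads where ad.id=ads.id";
        SqlDataReader reader = cmd.ExecuteReader();
        while (reader.Read())
        {
            string filename = reader["leafname"].ToString();
            // Same leaf name in several libraries: append a counter so files are not overwritten
            int cnt = ht.ContainsKey(filename) ? (int)ht[filename] + 1 : 0;
            ht[filename] = cnt;
            if (cnt > 0) filename += cnt.ToString();
            byte[] file = (byte[])reader["content"];
            File.WriteAllBytes(@"c:\" + filename, file);
        }
        //Done stealing your data…press enter to walk away 🙂
    }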
Use auditing on your databases.
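
One way to act on that advice with SQL Server Audit is sketched below. It is an added example, not part of the original post: it records every direct SELECT against the two tables the program above reads, plus any change to the audit itself. The database name `wss_Content` and the table names come from the code above; the audit names, the `dbo` schema, the folder `D:\SqlAudit\` and the account `CONTOSO\sp_apppool` are assumptions to replace with your own.

```sql
-- Assumed names: ContentDbReadAudit, ContentDbReadSpec, AuditChangeSpec,
-- folder D:\SqlAudit\ (must already exist), account CONTOSO\sp_apppool.
USE master;
GO
CREATE SERVER AUDIT ContentDbReadAudit
    TO FILE (FILEPATH = N'D:\SqlAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Record attempts to alter, stop or drop the audit, since a sysadmin is able to.
CREATE SERVER AUDIT SPECIFICATION AuditChangeSpec
    FOR SERVER AUDIT ContentDbReadAudit
    ADD (AUDIT_CHANGE_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT ContentDbReadAudit WITH (STATE = ON);
GO
USE wss_Content;
GO
-- BY public covers every principal, including sa and other sysadmins.
CREATE DATABASE AUDIT SPECIFICATION ContentDbReadSpec
    FOR SERVER AUDIT ContentDbReadAudit
    ADD (SELECT ON OBJECT::dbo.AllDocs BY public),
    ADD (SELECT ON OBJECT::dbo.AllDocStreams BY public)
    WITH (STATE = ON);
GO
-- Review: reads of document content by anyone other than the SharePoint
-- service account (assumed name), which reads these tables all day.
SELECT event_time,
       session_server_principal_name,
       server_principal_name,
       database_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE database_name = N'wss_Content'
  AND object_name IN (N'AllDocs', N'AllDocStreams')
  AND server_principal_name <> N'CONTOSO\sp_apppool'
ORDER BY event_time DESC;
```

Because the DBA can read and delete files on the database server, forward the audit files to a log store that the DBA does not administer, and alert on the `AUDIT_CHANGE_GROUP` events as well as on unexpected readers.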