Re: In what way do you assert that excerpt requires
Just because there is a way to access the data, doesn't invalidate encrypting it. I.e. the ability to access your OWN data does not mean you can access everyone elses.
What good encryption does is to ensure that someone who copies the entire database alone cannot get access to reams of data.
However there is a downside to encrypting all of the customer data. SQL queries no longer work on fields that are encrypted.
And if you build the ability to search the encrypted database into the SQL level, then once again you are vulnerable to SQL injection.