hey oliver, we’re working hard on the security posture for Databases. Our priorities in order are:
1. SSH tunnels
2. SSL without certificate/domain validation
3. SSL with certifiate/domain validation
The reasoning is: usually using an SSH tunnel puts you in a trusted environment where MITM is not a threat (which is what #3 would guard against). From there you probably care about protection vs eavesdropping (#2), but then we still have #3 in cases where you can’t use an SSH tunnel.
which of the numbers above do you need for your usecase?