APP135: Database Password Protection in Transit.
Does the application enable/implement a secure protocol (e.g., SSL) to protect database passwords in transit?
Guidance: Database connection strings containing passwords must be encrypted in transit when the application and the database are not running on the same platform. In general, most database systems support a secure protocol (e.g., SSL/TLS) for this purpose. When a secure protocol cannot be enabled or applied, IPSec or other secure protocol can be considered as a last resort for host-to-host encryption.