> If it comes across academic... well that is coincidental.

"academic" in the sense that it sounds like a classroom argument, not one that is about implementation in the real world. No offense meant.

> Yes, it's called marketing. Mostly it has very little to do
> with security issues addressed by my article.

Only "marketing"? I would disagree if you said yes.

> but whether it
> is a good idea for a project with limited resources to do so
> is much less certain

all products have that restriction.

> You face the real dilemma that your clients have heard of
> encryption and believe that encryption = security - and I
> well understand that instructing clients about these sorts
> of subjects can be difficult.

Password-character requirements can help.

> If you sell the application to your clients as a package then
> it should be feasible to re-package your product to install
> TrueCrypt or similar product. This is essentially the same
> result as if the database engine did the encryption:

I will look into these, but I still would like to see it at the database level. But we can agree to disagree.

Ed Dressel