I read a comment that when doing the data encryption at the database level as opposed to application level, some of the data will linger in its raw plain text format in the logs. True or false? and is it something I should worry about?
Yes. For example, a credit card number query may be printed in a log. You must disable or selectively log to prevent this from happening.
Ok,
Well if you do data encryption at the database level this means you're transferring the data in cleartext over the various channels, routers, and into the application.
So in order to make it secure, you'd have to secure every channel from end-to-end which obviously creates a bigger security risk. Especially since you do not have control over every node and channel from your database to your application in general.
That is why in my opinion, you should do the encryption at the application level (server side to avoid tampering) and to send that over the wire. No matter what happens in the middle you'll be assured that your data is still safe.
Note: Even if DB and Application reside on the same server, this is still valid as you may consider the possible direct connection between the application and the DB as a channel.
Kind Regards,