Important Security Gotchas
SQL Server (Encrypt & TrustServerCertificate)
Modern Microsoft SQL Server drivers default Encrypt=True. If your server uses a self-signed SSL/TLS certificate, connection attempts will fail with a certificate validation error. In development environments, you may bypass this by adding TrustServerCertificate=True. However, in production, you must bind a certificate signed by an enterprise CA to the SQL server and avoid trusting arbitrary certificates.
PostgreSQL & MySQL SSL Modes
PostgreSQL uses parameter sslmode with options: disable, allow, prefer, require, verify-ca, and verify-full. MySQL uses ssl-mode with options: DISABLED, PREFERRED, REQUIRED, VERIFY_CA, and VERIFY_IDENTITY. verify-full (or VERIFY_IDENTITY) prevents man-in-the-middle attacks by checking that the hostname matches the Common Name in the certificate.