Even if webserver and DBMS are on the same phisical machine one can separate networks by setting database in virtual server inside the main system (using for example VMware solutions).
You may want to establish the connections over SSL to encrypt client/server communications for increased security, or you can use ssh to encrypt the network connection between clients and the database server. If either of these is used, then monitoring your traffic and gaining information about your database will be difficult for a would-be attacker.
Even if webserver and DBMS are on the same phisical machine one can separate networks by setting database in virtual server inside the main system (using for example VMware solutions).
Another solution to protect your database is to have a seperate backend network exclusively used for database traffic. Your webserver(s) would have two interface cards: one facing the world, one facing the internal database network. This way- there's no chance of intercepting database traffic from the outside.