[oofbey]

I would argue that saying the accounts are logically separated is a snarky comment. It’s akin to patting the reader on the head and saying “don’t you worry your pretty little head”. Logically separated says nothing. Distinct VMs are logically separated, containers are logically separated, as are storing data in different files which self-modifying PHP code which doesn’t check its inputs tries to keep distinct. It’s basically just saying their engineers do their best but any single bug leaks data. Which is better than saying their engineers don’t even try? Not really. It’s a completely empty statement.

Also, for people who actually care about security in the cloud, physically separated is not uncommon. Side channel attacks are real. Dedicated instances are not that hard if you really care about security.

[stopachka]

My choice of the word "logically separated", was meant to specifically answer the question the reader asked:

> If someone else's account is compromised, how do I know I won't be?

If you have other questions, you can feel free to ask, and I'd be happy to answer in more detail.

[redwood]

It'd be useful to understnad the nature of that logical separation: for example is data from different tenants stored on disk using different encryption keys? what about in memory? or perhaps there's no encryption-level isolation but you're relying on an authorization layer to authorize to different pieces of data: if that's the case is that built on Postgres's row-level security, for example?

These are fundamental points to be open and transparent about to instill confidence

[oofbey]

HOW are they logically separated? Are there any layers to this security? Any standard established security boundaries like containers? Or is it just your app code doing its best not to have security bugs?