How does security and isolation work? If someone else's account is compromised, how do I know I won't be? If instant is compromised, how do I know I won't be?
If someone else's account is compromised, you would not be, because apps are logically separated. There would be no way for the compromised or uncompromised account to ever see your data.
If Instant is compromised, then that's a lot more dangerous. We minimize this risk following security best practices: keeping data encrypted at rest, keeping secrets hashed at creation time, etc.
"logically separated" as opposed to "physically separated" (pretty rare in the Cloud world)
If you want more details, read their open source codebase or ask them specifically what documentation would boost your confidence, instead of leaving snarky comments.
I would argue that saying the accounts are logically separated is a snarky comment. It’s akin to patting the reader on the head and saying “don’t you worry your pretty little head”. Logically separated says nothing. Distinct VMs are logically separated, containers are logically separated, as are storing data in different files which self-modifying PHP code which doesn’t check its inputs tries to keep distinct. It’s basically just saying their engineers do their best but any single bug leaks data. Which is better than saying their engineers don’t even try? Not really. It’s a completely empty statement.
Also, for people who actually care about security in the cloud, physically separated is not uncommon. Side channel attacks are real. Dedicated instances are not that hard if you really care about security.
HOW are they logically separated? Are there any layers to this security? Any standard established security boundaries like containers? Or is it just your app code doing its best not to have security bugs?
