Comment by stopachka

7 days ago

If someone else's account is compromised, you would not be, because apps are logically separated. There would be no way for the compromised or uncompromised account to ever see your data.

If Instant is compromised, then that's a lot more dangerous. We minimize this risk following security best practices: keeping data encrypted at rest, keeping secrets hashed at creation time, etc.

Keyword is "logically" separated here...

Also no mention of data encrypted during transit.

Would not use this for anything other than toy projects.

Oh they’re logically separated. Thanks for explaining that. Now I’m certain nothing could possibly go wrong.

/s

  • "logically separated" as opposed to "physically separated" (pretty rare in the Cloud world)

    If you want more details, read their open source codebase or ask them specifically what documentation would boost your confidence, instead of leaving snarky comments.

    • I would argue that saying the accounts are logically separated is a snarky comment. It’s akin to patting the reader on the head and saying “don’t you worry your pretty little head”. Logically separated says nothing. Distinct VMs are logically separated, containers are logically separated, as are storing data in different files which self-modifying PHP code which doesn’t check its inputs tries to keep distinct. It’s basically just saying their engineers do their best but any single bug leaks data. Which is better than saying their engineers don’t even try? Not really. It’s a completely empty statement.

      Also, for people who actually care about security in the cloud, physically separated is not uncommon. Side channel attacks are real. Dedicated instances are not that hard if you really care about security.
