
Comment by alexfoo

1 hour ago

It all comes down to where the boundary for data access is implemented, and how strictly.

If your webapp has unfettered database access then don't be surprised if it is hacked and someone can do `select * from users` and then post that dump somewhere.

The attack surface changes if your webapp can only do a REST call to pull a single user record at a time. That way you can put some auditing in, you can put rate limiting in to detect that, etc.

Obviously the user record REST API endpoint is still vulnerable, but it's a much smaller attack surface, easier to audit, and can be monitored a lot more closely.

Yes, ultimately, there will still be a set of vulnerable humans that have access to the database servers themselves, and they can always walk out of the place with an SD card hidden in a Rubik's cube, but there has to be an element of trust somewhere.

The problem is that too many people put that trust boundary way too far out into the big bad Internet. Or don't even consider it at all and just rely on the fact that other targets are more appealing.
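
The boundary described in the comment above, as an added sketch that is not part of alexfoo's comment: the web tier only ever gets a single-record lookup, every call is audited, and a per-caller sliding-window limit turns a bulk read into a visible run of denials. The names `UserRecordService` and `denied_callers`, the limits, and the sample records are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed sample data standing in for the users table.
USERS = {i: {"id": i, "email": f"user{i}@example.test"} for i in range(1, 1001)}

class RateLimited(Exception):
    pass

class UserRecordService:
    """Hypothetical single-record boundary: callers never get a DB handle."""

    def __init__(self, store, max_reads=5, window_s=60.0, clock=time.monotonic):
        self._store = store
        self._max_reads = max_reads
        self._window_s = window_s
        self._clock = clock
        self._recent = defaultdict(deque)  # caller -> timestamps of allowed reads
        self.audit_log = []                # (timestamp, caller, user_id, outcome)

    def get_user(self, caller, user_id):
        now = self._clock()
        recent = self._recent[caller]
        # Drop reads that have aged out of the sliding window.
        while recent and now - recent[0] >= self._window_s:
            recent.popleft()
        if len(recent) >= self._max_reads:
            # Denials are audited too: a burst of them is the bulk-read signal.
            self.audit_log.append((now, caller, user_id, "rate_limited"))
            raise RateLimited(caller)
        recent.append(now)  # misses count as well, so ID guessing is limited
        record = self._store.get(user_id)
        self.audit_log.append((now, caller, user_id, "ok" if record else "not_found"))
        return dict(record) if record else None

def denied_callers(audit_log, threshold=3):
    """Callers whose denied reads reach the threshold: candidates for alerting."""
    counts = defaultdict(int)
    for _, caller, _, outcome in audit_log:
        if outcome == "rate_limited":
            counts[caller] += 1
    return sorted(c for c, n in counts.items() if n >= threshold)
```

With these settings a compromised web tier that tries to walk the whole table gets five records per minute per caller identity, and the audit log shows the attempt.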