I am doing research on large-scale webservices and I am trying to understand what common techniques are to prevent user data being accidentally leaked to other logged in users. Especially where end-to-end encryption is not possible because the server needs to be content aware of the data.
So, Imagine a high-frequented service like GitHub, Google Docs or Stackoverflow. In a naive/classic database environment there is a database with a huge table called
users and fields like
Is that it? What abstraction layers or mechanisms are used to prevent data being exposed due to attacks or simply bugs? I would like to avoid under any circumstances that e.g. due to a bug in the usage of a
SQL INNER JOIN data gets exposed to another user.
Let’s assume I have a service like Google Docs where a few users have access to the same document. I was thinking about a database per document because I would have a single connection handle and from there I could be assured that a faulty access to another database is pretty much impossible.
But that would mean that every (RESTful)-request would result in a new connection because keeping more than just a few hundred connections open is out of question. Also initiating a new connection to each database for every single request takes too much time. So to keep it short, are there any talks, papers or resources which focus on this issue and how to solve them in a secure and performant manner?