Hi,
I have a question regarding database design in more secure web applications. With more secure I don't mean banking websites, but some kind of business websites with public areas including frontend with free user registration with profile management, but also backend for companines with login for employees and appointment management and other tasks. As far as I understand, a common pattern seems to be separating frontend/backend and accessing database through an intermediate layer, which is communicating to the database as well as to frontend/backend.
But are there also patterns dealing with splitting the database also? I don't mean sharding, but rather putting sensible company information and logins into one database and user profiles and their logins into another. Or is the intermediate layer ensuring enough safety and therefore the only common pattern to separate database access?
I did a research but only found topics about access regarding database frontend/backend, which is not compareable to modern webservers.
Kind regards...Tom