Joshua Rajandiran

Reputation: 2928

How secure is this security method in PostgreSQL?

For example, I have 2 databases. One of them is called ecommerce, which contains real customer information. Another is called ec1, which basically contains only views from tables of ecommerce.

We use our ec1 database to connect to our website or apps. How secure is this method in terms of back end security?

Upvotes: 1

Views: 55

Answers (1)

gbalduzzi

Reputation: 10176

Only exposing ec1 is better than exposing ecommerce because you can reset ec1 using your "safe" values in case of corruption and you can keep some secret data only stored in ecommerce if it doesn't need to be used by your website or your app.

However, this is only a small portion of backend security. Having two different databases with real data and data views doesn't matter a lot if someone can access your server OR can corrupt your data.
I mean, if someone found a way to get some data he should not be authorized to read, it is bad even if it comes from ec1 and not from ecommerce.

So yeah, exposing only views is a BETTER solution, but nothing can be said on the overall security because it mainly doesn't depend on that.

EDIT: A detailed explanation of backend security is way beyond the possibility of a simple Stack Overflow answer (and probably I am not the best teacher), but for basic server security you must take care of:

- Firewall to stop every request but your webapps' ones.
- Updated software.
- Good database passwords.
- The user you use for your application queries must only be able to perform operations on the ec1 database, while the views should be generated with a cron and using a different user.

These are the main security enhancement tips that come to my mind.

Upvotes: 1
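An added example, not part of the answer above: one way to set up the two-user split from its last bullet in PostgreSQL, with a read-only application role and a separate role for the cron refresh. The role names `ec1_app` and `ec1_refresh`, the passwords, the `customers` table and its columns, and the use of the `public` schema are all assumptions for illustration.

```sql
-- Run with psql as a superuser. Role names and passwords are placeholders.
CREATE ROLE ec1_app     LOGIN PASSWORD 'CHANGE_ME_APP';      -- website / apps
CREATE ROLE ec1_refresh LOGIN PASSWORD 'CHANGE_ME_REFRESH';  -- cron job only

-- PUBLIC can connect to every database by default; remove that first.
REVOKE CONNECT ON DATABASE ecommerce FROM PUBLIC;
REVOKE CONNECT ON DATABASE ec1       FROM PUBLIC;
GRANT  CONNECT ON DATABASE ec1       TO ec1_app, ec1_refresh;
GRANT  CONNECT ON DATABASE ecommerce TO ec1_refresh;

\connect ecommerce
-- The refresh role reads only the columns it copies out.
-- "customers" and its columns are hypothetical.
GRANT SELECT (id, display_name, country) ON customers TO ec1_refresh;

\connect ec1
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE         ON SCHEMA public TO ec1_app;
GRANT USAGE, CREATE ON SCHEMA public TO ec1_refresh;

-- Read-only access for the application; in PostgreSQL this grant
-- covers views as well as tables.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO ec1_app;
-- Objects the refresh role creates later are readable by the app too.
ALTER DEFAULT PRIVILEGES FOR ROLE ec1_refresh IN SCHEMA public
    GRANT SELECT ON TABLES TO ec1_app;

-- Check the result: connect and create privileges of the application role.
SELECT has_database_privilege('ec1_app', 'ecommerce', 'CONNECT') AS app_can_reach_source,
       has_schema_privilege('ec1_app', 'public', 'CREATE')       AS app_can_create;
```

Superusers and object owners bypass these grants, so neither role should be a superuser, and the application role should not own anything in ec1.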
