Xojo Cloud Database Security

I’m working on a web app to help companies with their document management. I plan to work with a Postgres database. As I plan to work with a lot of companies and a lot of users, my question is about security. I don’t want anyone to be able to see other data stored in the database. My strategy is to create a MainApp that stores user/password/companyname/dbname in a main database and to create a database for each company.
Is it a good choice of architecture?
Maybe I can use a single database for all companies?
May I manage database users myself, or use Postgres database users?
How many databases can be created on a single Xojo Cloud?
What about security access?
What if my app is successful, with a lot of companies and users?
What about code maintenance?
Do you have any resources I can read…

Extra: Does Xojo Cloud allow FTP access to files?

Thanks for sharing your opinions and advice
Sebastien

First of all, Xojo Cloud servers are single tenant. That means that your software is there all by itself and the only people who have access are you and Xojo (for maintenance purposes).

As far as storing this info, you should not be storing actual passwords but seeded hashes of them, that is, hashes that are created from the password plus a little bit of data that is only known to your software. In the event that the database was ever exposed, the attacker would also need to know what the seed was to be able to reverse engineer the passwords.

The seed should not be any other data that’s stored in the db.

4 Likes
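
The seeded-hash scheme from the answer above, as an added Python example (not code from the thread or from Xojo). It treats the seed as an application secret held outside the database; the per-user random salt, the PBKDF2 parameters, the record format and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample value for the demo only. In a deployment the seed is
# loaded from the app's configuration or environment, never from a DB column.
DEMO_SEED = b"constructed-demo-seed-not-for-production"

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def _seeded(password: str, seed: bytes) -> bytes:
    # Mix the app-only seed into the password with HMAC before stretching.
    return hmac.new(seed, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, seed: bytes) -> str:
    """Return the string to store in the users table (the seed is not in it)."""
    salt = secrets.token_bytes(16)  # per-user random salt, stored with the hash
    dk = hashlib.pbkdf2_hmac("sha256", _seeded(password, seed), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str, seed: bytes) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", _seeded(password, seed), salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    record = hash_password("correct horse", DEMO_SEED)
    print(record)                                                  # what the DB row holds
    print(verify_password("correct horse", record, DEMO_SEED))     # login succeeds
    print(verify_password("correct horse", record, b"other-seed")) # DB dump without the seed
```

With only the stored record and no seed, a guessed password cannot be checked against the hash, which is the property the answer describes.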