While shared infrastructure poses unique challenges not present in an isolated environment, we follow industry standard best practices, such as allowing connections over only HTTPs and mTLS. A client certificate is required to connect to all TwiceDB instances, and each certificate allows connections only to a single TwiceDB user’s instance(s), limiting potential damage should a certificate become compromised.