I have a theory about the design of a new site I am working on. If a user accounts table is in one database, and the site content tables in another database, then it would be impossible for a hacker to use SQL injections in a form unrelated to the user database to get data from a table he should not have access to.
Is my thinking correct or incorrect?