12

Avoiding Unwanted Data Manipulation and Undisclosed Exposures

Supabase is secure by default, but as with any other technology, the problem arises when people cobble together a few copy-pasted parts from Google, StackOverflow, or ChatGPT without a deeper understanding of what those parts imply. During the writing of this book, I found a massive security leak in a Supabase-powered application, leaking all the clients’ personal data. The problem wasn’t Supabase at all; it was sloppiness within certain areas of their application’s SQL expressions. This is what you want to avoid.

You already know how to protect your table data with RLS, that you can use additional internal schemas, and that an SQL function can adhere to RLS or run with admin rights. This chapter ...
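The distinction in the paragraph above, between an SQL function that adheres to RLS and one that runs with the owner’s rights, is where the kind of exposure mentioned earlier usually originates. The following is an added illustration, not code from the book or from Supabase: a table protected by RLS, a `SECURITY INVOKER` function that respects those policies, a `SECURITY DEFINER` function that bypasses them, and the grants that keep the latter away from the API roles. The table, column and function names are assumptions; `auth.uid()` and the `anon`/`authenticated` roles are the ones Supabase provides.

```sql
-- Added example (not from the book or the Supabase project).
-- Table and function names are assumed for illustration.
create table public.clients (
  id        bigint generated always as identity primary key,
  owner_id  uuid not null default auth.uid(),  -- Supabase: id of the calling user
  full_name text not null,
  email     text not null
);

-- Without this line every API role can read and change every row.
alter table public.clients enable row level security;

-- Only the owning, signed-in user may read or change their own rows.
create policy "clients: owner can read" on public.clients
  for select to authenticated
  using (owner_id = auth.uid());

create policy "clients: owner can write" on public.clients
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

-- SECURITY INVOKER (the Postgres default): the body runs as the caller,
-- so the policies above still apply and a user sees only their own rows.
create or replace function public.my_clients()
returns setof public.clients
language sql
security invoker
set search_path = public
as $$
  select * from public.clients;
$$;

-- SECURITY DEFINER: the body runs with the privileges of the function's
-- owner, and RLS is not enforced against the table owner, so this returns
-- every client row to whoever is allowed to execute it. Exposed through
-- the API to anon or authenticated, it is exactly the "undisclosed
-- exposure" the chapter title warns about.
create or replace function public.all_clients_admin()
returns setof public.clients
language sql
security definer
set search_path = public
as $$
  select * from public.clients;
$$;

-- Postgres grants EXECUTE on new functions to PUBLIC by default, which in
-- Supabase includes anon and authenticated. Revoke it for definer
-- functions and grant execution only where it is intended.
revoke execute on function public.all_clients_admin() from public, anon, authenticated;
grant  execute on function public.my_clients() to authenticated;
```

Two checks are worth running after any migration: `select proname, prosecdef from pg_proc where pronamespace = 'public'::regnamespace;` lists which functions are definers, and `select relname, relrowsecurity from pg_class where relnamespace = 'public'::regnamespace and relkind = 'r';` shows which tables actually have RLS enabled rather than merely having policies written for them.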
