|
|
|
|
|
|
by michelpp
1508 days ago
|
|
|
Disclaimer: I work at Supabase on database security. The link you posted is a great guide to sensible security practices with Supabase. It's worth noting that the feature highlighted, Row Level Security (RLS) is a native Postgres feature and not Supabase specific in any way. https://www.postgresql.org/docs/current/ddl-rowsecurity.html One immediate benefit of using native security is that it applies to all types of database clients and tools uniformly. we're not blocked in the future adding more integrations. And it works both ways, if you are using RLS in an existing postgres deployment you can migrate to Supabase and your existing trusted policies will come with you. It also means that we can avoid creating a whole class of security bugs by starting from scratch, and take advantage of the millions of collected human-hours of work that already exists. Security is hard because it is adversarial and it is hard to reproduce or even conceptualize a truly threatening environment without experience. One of our guiding principals is to stand on the shoulders of the core developers and not implement our own core security model, but to use the native one as a foundation for even more powerful security concepts to come. We're actively discussing a lot of ways to make this even easier and safer for customers. |
|
|