Writing · Tag

Articles tagged "api-security".

4 articles on this topic.

·7 min read · security , supabase , auth-jwt

User enumeration via password reset: the bug in default forgot-password flows

Most forgot-password endpoints leak whether an email exists. The fix is one rule: return the same response always, regardless of account status.

User enumeration via password reset: the bug in default forgot-password flows: cover image

·7 min read · security , supabase , edge-functions

Origin validation in edge functions: the open redirect you ship by default

Edge functions that trust the Origin header for redirect URLs are open-redirect vulnerable. Here's the allowlist pattern that closes the gap.

Origin validation in edge functions: the open redirect you ship by default: cover image

·8 min read · supabase , supabase-auth , postgres

Two-layer identity models in Supabase: when auth and authorization disagree

Supabase Auth gives you auth.users for free. Roles need a second table, a trigger, and atomic deployment. Here's how the gap breaks production.

Two-layer identity models in Supabase: when auth and authorization disagree: cover image

·5 min read · apis , no-code , nocode

Bubble.io Tips - 3

Learn essential Bubble.io privacy and security tips, optimize API calls, and implement best practices to protect your data and improve performance

Bubble.io Tips - 3: cover image
← All articles