Writing · Tag

Articles tagged "postgres".

4 articles on this topic.

·7 min read · supabase , supabase-realtime , security

Realtime broadcast scope is a security boundary, not a routing convenience

Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag plus RLS is the fix.

Realtime broadcast scope is a security boundary, not a routing convenience: cover image

·8 min read · postgres , supabase , postgres-triggers

How to build a tamper-evident audit log in Postgres with one trigger

Build an audit log table, attach a SECURITY DEFINER trigger that captures every UPDATE and DELETE, lock it down with RLS. Forty lines of SQL.

How to build a tamper-evident audit log in Postgres with one trigger: cover image

·6 min read · supabase , postgrest , postgres

How a Postgres constraint rename silently broke production via PostgREST

PostgREST resolves onConflict against real constraint names at runtime. Rename a constraint and the upsert silently fails with a 400 nobody notices.

How a Postgres constraint rename silently broke production via PostgREST: cover image

·7 min read · supabase , supabase-auth , postgres

Two-layer identity models in Supabase: when auth and authorization disagree

auth.users gives you identity for free. Roles need a second table, a trigger, and an atomic migration. Here's where the gap breaks production.

Two-layer identity models in Supabase: when auth and authorization disagree: cover image
← All articles