Writing · Tag

Articles tagged "postgres".

4 articles on this topic.

·8 min read · supabase , supabase-realtime , security

Realtime broadcast scope is a security boundary, not a routing convenience

Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag is the fix; here is when to use it.

Realtime broadcast scope is a security boundary, not a routing convenience: cover image

·7 min read · postgres , supabase , postgres-triggers

How to build a tamper-evident audit log in Postgres with one trigger

Step-by-step: build an audit log table, attach a SECURITY DEFINER trigger that captures every UPDATE and DELETE, lock it down with RLS.

How to build a tamper-evident audit log in Postgres with one trigger: cover image

·7 min read · supabase , postgrest , postgres

How a Postgres constraint rename silently broke production via PostgREST

PostgREST's `.upsert({ onConflict: 'name' })` resolves against your real constraint name. Rename the constraint and the upsert silently fails.

How a Postgres constraint rename silently broke production via PostgREST: cover image

·8 min read · supabase , supabase-auth , postgres

Two-layer identity models in Supabase: when auth and authorization disagree

Supabase Auth gives you auth.users for free. Roles need a second table, a trigger, and atomic deployment. Here's how the gap breaks production.

Two-layer identity models in Supabase: when auth and authorization disagree: cover image
← All articles