Writing · Tag

Articles tagged "rls-policies".

2 articles on this topic.

·8 min read · supabase , supabase-realtime , security

Realtime broadcast scope is a security boundary, not a routing convenience

Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag is the fix; here is when to use it.

Realtime broadcast scope is a security boundary, not a routing convenience: cover image

·8 min read · supabase , supabase-auth , postgres

Two-layer identity models in Supabase: when auth and authorization disagree

Supabase Auth gives you auth.users for free. Roles need a second table, a trigger, and atomic deployment. Here's how the gap breaks production.

Two-layer identity models in Supabase: when auth and authorization disagree: cover image
← All articles