Articles tagged "rls-policies".
2 articles on this topic.
7 min read · supabase, supabase-realtime, security
Realtime broadcast scope is a security boundary, not a routing convenience
Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag plus RLS is the fix.
7 min read · supabase, supabase-auth, postgres
Two-layer identity models in Supabase: when auth and authorization disagree
auth.users gives you identity for free. Roles need a second table, a trigger, and an atomic migration. Here's where the gap breaks production.