Articles tagged "security".

5 articles on this topic.

8 min read · supabase, supabase-realtime, security

Realtime broadcast scope is a security boundary, not a routing convenience

Default-public Realtime broadcasts leak message bodies to every subscriber. The private-channel flag is the fix; here is when to use it.

7 min read · security, supabase, auth-jwt

User enumeration via password reset: the bug in default forgot-password flows

Most forgot-password endpoints leak whether an email exists. The fix is one rule: return the same response always, regardless of account status.

7 min read · security, supabase, edge-functions

Origin validation in edge functions: the open redirect you ship by default

Edge functions that trust the Origin header for redirect URLs are open-redirect vulnerable. Here's the allowlist pattern that closes the gap.

10 min read · authentication, security, 2fa

How to Implement TOTP (time-based one-time passwords) based 2FA in Bubble.io Without Using Any APIs?

Learn how to add Google Authenticator–style 2FA in Bubble.io using the Crazy Two Factor plugin - no APIs, no plugins, just secure TOTP authentication.

11 min read · bubble, bubbleio, security

Bubble.io API Security Best Practices

Learn how to secure API calls and manage tokens in Bubble.io with effective steps and best practices to protect sensitive information.
