Fixes tagged Security
2 fixes
Supabase · Security
Use signed URLs, never public storage URLs
A public Supabase bucket is the quick way to show user uploads, and a permanent data leak. Private bucket, owner-scoped policies, and short-lived signed URLs give you the same convenience without handing out forever-links.
Supabase · Postgres
Rate limiting in Postgres, no Redis
You don't need Redis or a third-party service to rate-limit a Supabase app. One table, one atomic upsert, and a security-definer function keyed to the user. Race-safe and impossible to bypass.