But what if we are using the experimental Postgres user by column functionality. We wouldn’t need RLS persay. Forgot what it’s called by it’s in alpha mode in supabase
I feel like the title is misleading. I clicked on a video about database mistakes and bro launches into what sounds like a schpeel for a sponsored software.
This is pretty cool! Does the security linter take into account manually revoked privileges on anon/authenticated? Often do this when just using the DB through an ORM.
It won't let me delete duplicate index. Is it because there are already entries? Also, there's this video about how to make triggers on auth via SQL Query since it's not possible manually. I created triggers on sign up following their instructions but this showed "Function Search Path Mutable" in the Security advisor. I tried to `drop` this trigger via SQL editor but it won't drop. How to fix this?
This was nice, I was not aware of RLS in postgres, however I think its much easier to maintain security and access logic in our application instead of defining such policies on the DB itself. The end users won't access the DB directly and would go through our backend apis, therefore its much simpler to implement complex business logic related to authorization and authentication on the application instead of the DB.
@@akash-kumar737 Why do you need RLS, when users access your db via your application, why is this required? Anyways this was added recently in postgres so how did people use their db before this feature? Remember, adding this stuff to your db can also affect performance of queries. Lastly ,I have worked in so many different organisations and never seen this kind of thing before, all the security logic was in the backend application. I am sure there are special situations where RLS would be useful however I don't think this is needed in general
@@arpanghoshal2579 the thing is: if your project is using Supabase, your project's database is already exposed to the public internet via PostgRES and supabase-js, for instance. Then, without RLS and the appropriate policies configured for each table within the public schema, anyone could freely manipulate (select, insert, update, delete) any data from those tables without even being authenticated...
Absolutely love this. Best thing about this is that RLS is a Postgres feature so its not like wasted knowledge.
I really love supabase i use it on every project it's a one stop solution for my needs
That’s awesome! Glad you’re enjoying it! 🚀
Supabase is probably the best product out there for db, it's beyond words
After seeing PlanetScale's "schema reccomendations," Splinter is exactly the feature I was hoping for! Great work!
Great feature and video! I think it will be more accessible if these adviser will always appearer in the top of the Supabase Studio.
But what if we are using the experimental Postgres user by column functionality. We wouldn’t need RLS persay. Forgot what it’s called by it’s in alpha mode in supabase
Ok, this is awesome -- but it also means I have a lot of work to do now to make my database better! Thanks supabase team!
How did you add the swipe/transition sound? was it a manual add or automatic through some tool? Asking in case I want to try it in the future.
I feel like the title is misleading. I clicked on a video about database mistakes and bro launches into what sounds like a schpeel for a sponsored software.
This is pretty cool! Does the security linter take into account manually revoked privileges on anon/authenticated? Often do this when just using the DB through an ORM.
sweet, a nice way to learn postgres best practices, just what i needed. Even transfers to other db types 💪
It won't let me delete duplicate index. Is it because there are already entries?
Also, there's this video about how to make triggers on auth via SQL Query since it's not possible manually. I created triggers on sign up following their instructions but this showed "Function Search Path Mutable" in the Security advisor. I tried to `drop` this trigger via SQL editor but it won't drop. How to fix this?
Supabase has become so amazing!
Great video, however, it's super annoying that the whoosh sound effect is only in the left ear
agreed! and it's too loud.
Transaction API when 😢
What happened to the signature black cap 🧢 ?
thank you so much for this. Brilliant tips!
VERY VERY well done!
Why I don't see that sidebar, for my project? 2:44
This was nice, I was not aware of RLS in postgres, however I think its much easier to maintain security and access logic in our application instead of defining such policies on the DB itself.
The end users won't access the DB directly and would go through our backend apis, therefore its much simpler to implement complex business logic related to authorization and authentication on the application instead of the DB.
Nope you want Security at DB layer too.
Now I see how entire db get hacked and made public.
@@akash-kumar737 Why do you need RLS, when users access your db via your application, why is this required? Anyways this was added recently in postgres so how did people use their db before this feature? Remember, adding this stuff to your db can also affect performance of queries. Lastly ,I have worked in so many different organisations and never seen this kind of thing before, all the security logic was in the backend application.
I am sure there are special situations where RLS would be useful however I don't think this is needed in general
@@arpanghoshal2579 the thing is: if your project is using Supabase, your project's database is already exposed to the public internet via PostgRES and supabase-js, for instance. Then, without RLS and the appropriate policies configured for each table within the public schema, anyone could freely manipulate (select, insert, update, delete) any data from those tables without even being authenticated...
When will offline support be official?
Yeah man they need to work on DX
You forgot to say never use a delete without where
God bless u MAN
I found 17 things to fix in my db...
We should have a leaderboard for “Most Opportunities”
@@JonMeyers 🤣
Please never put the swipe sound in again… I hate it, so distracting. I’m now not listening and in the comment section complaining…