Back
Account Deleted
Hey I am on Medial • 2m
You shipped your Supabase app. Everything runs smooth... until it doesn’t. Not because Supabase is broken — But because it’s too easy to use. And that ease hides traps. Here are 6 mistakes that quietly wreck Supabase apps (and how to avoid them): 🔒 1. Trusting auth.user() in the frontend It’s not safe. It’s client-side and spoofable. Use server-side checks with RLS and JWT claims. Always. 🔓 2. Public tables with no RLS Querying is easy, but security is optional. Default to RLS ON, then explicitly open what needs access. 😵 3. No fallback in auth.uid() Policies depending only on auth.uid() fail silently during admin queries. Always account for IS NULL. ⚠️ 4. Splitting auth state between client and app Session state in two places = race conditions. Let Supabase handle it. React to onAuthStateChange() once — in one place. 🧩 5. Calling edge functions without auth context Edge functions don’t carry auth by default. Pass the Authorization header manually — no header = no user. 👻 6. Testing only as a logged-in user Your app works for you. What about anonymous users? Test unauthenticated access too — Supabase doesn’t block anon by default. Supabase is powerful, but that power cuts both ways. Don’t treat it like Firebase. Treat it like backend infra: Secure by default Test like a hacker Trust nothing by default Build fast — but build like it’ll scale. Because one silent failure can kill momentum.
Replies (8)
More like this
Recommendations from Medial
Avinash Bhardwaj
Building launch.toda... • 1m
Launch’s Launch Alert 🚀 Excited to share that Launch is now live. We’ve spent the last few months building something that feels obvious in hindsight: A way to build real, production-ready apps- just by describing what you want. ✅ Real human support
See More
Poosarla Sai Karthik
Tech guy with a busi... • 5m
Sales is treated like a shitty job globally—because it’s rarely treated as a real role. Most startups don’t even have a dedicated sales person. They assume anyone can pick up a phone and sell. Even when they hire, it’s like: “Here’s a guy from the r
See More
Mehul Fanawala
•
The Clueless Company • 28d
You’ll judge me for this… but I always notice. Whenever I visit an office, a hotel, or even someone’s home, my eyes automatically scan for one thing. A glowing light in an empty room. A fan spinning with no one underneath. An AC humming while the w
See More
Pulakit Bararia
Founder Snippetz Lab... • 1m
This is a massive leap forward. One of Lovable ’s biggest limitations for me was the buggy Supabase integration and the difficulty of adding native AI features. Unless you relied on messy WebView hacks, building apps with real AI felt almost impossi
See More
Vishnu Dileesh
Engineer | Entrepren... • 1m
Pulse Loop – Indie Dev Log #3 Core screens are done. Auth is wired up with Clerk. Smooth. Now I’m diving into the real stuff—data, logic, systems that don’t just look good, but actually work. Supabase is set up. Tables are live. Relationships mapp
See More
Download the medial app to read full posts, comements and news.