Account Deleted

Hey I am on Medial • 7m

You shipped your Supabase app. Everything runs smooth... until it doesn’t.

Not because Supabase is broken — But because it’s too easy to use. And that ease hides traps.

Here are 6 mistakes that quietly wreck Supabase apps (and how to avoid them):

🔒 1. Trusting auth.user() in the frontend
It’s not safe. It’s client-side and spoofable. Use server-side checks with RLS and JWT claims. Always.

🔓 2. Public tables with no RLS
Querying is easy, but security is optional. Default to RLS ON, then explicitly open what needs access.

😵 3. No fallback in auth.uid()
Policies depending only on auth.uid() fail silently during admin queries. Always account for IS NULL.

⚠️ 4. Splitting auth state between client and app
Session state in two places = race conditions. Let Supabase handle it. React to onAuthStateChange() once — in one place.

🧩 5. Calling edge functions without auth context
Edge functions don’t carry auth by default. Pass the Authorization header manually — no header = no user.

👻 6. Testing only as a logged-in user
Your app works for you. What about anonymous users? Test unauthenticated access too — Supabase doesn’t block anon by default.

Supabase is powerful, but that power cuts both ways. Don’t treat it like Firebase. Treat it like backend infra:

Secure by default
Test like a hacker
Trust nothing by default

Build fast — but build like it’ll scale. Because one silent failure can kill momentum.

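A sketch of the unauthenticated test from point 6, as an added example that is not part of the original post: it requests each table through Supabase's REST endpoint using only the anon key and reports what comes back. The table names, project URL, key and stubbed responses are constructed placeholders so the block runs offline.

```javascript
// Added example: which tables can a caller holding only the anon key read?
// Uses Supabase's REST endpoint (/rest/v1/<table>); table names are hypothetical.
async function auditAnonAccess({ url, anonKey, tables, fetchImpl = globalThis.fetch }) {
  const findings = [];
  for (const table of tables) {
    const res = await fetchImpl(`${url}/rest/v1/${table}?select=*&limit=1`, {
      // No user session: the anon key is both the API key and the bearer token.
      headers: { apikey: anonKey, Authorization: `Bearer ${anonKey}` },
    });
    const rows = res.ok ? await res.json() : [];
    // "no-rows" means RLS filtered everything OR the table is empty: seed a
    // row before trusting it. "EXPOSED" means anon read real data.
    const verdict = !res.ok ? "denied" : rows.length > 0 ? "EXPOSED" : "no-rows";
    findings.push({ table, http: res.status, verdict });
  }
  return findings;
}

// Constructed stand-in for fetch so the example runs offline.
function stubFetch(byTable) {
  return async (reqUrl) => {
    const table = new URL(reqUrl).pathname.split("/").pop();
    const { status, body } = byTable[table];
    return { ok: status >= 200 && status < 300, status, json: async () => body };
  };
}

// Constructed responses: profiles has RLS off, orders has RLS on with no anon
// policy, audit_log has no grant for the anon role.
const SAMPLE = {
  profiles: { status: 200, body: [{ id: 1, email: "a@example.test" }] },
  orders: { status: 200, body: [] },
  audit_log: { status: 401, body: { message: "permission denied" } },
};

function runDemo() {
  return auditAnonAccess({
    url: "https://project.example.test", // placeholder project URL
    anonKey: "ANON_KEY_PLACEHOLDER", // placeholder, not a real key
    tables: Object.keys(SAMPLE),
    fetchImpl: stubFetch(SAMPLE),
  });
}

runDemo().then((findings) => console.table(findings));
```

Against a real project, drop `fetchImpl` to use the built-in `fetch` and fail the CI job on any `EXPOSED` verdict for a table that is not meant to be public.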
