
Chamarti Sreekar

Passionate about Pos... • 22d

You shipped your Supabase app. Everything runs smooth... until it doesn’t. Not because Supabase is broken — but because it’s too easy to use. And that ease hides traps.

Here are 6 mistakes that quietly wreck Supabase apps (and how to avoid them):

🔒 1. Trusting auth.user() in the frontend
It’s not safe. It’s client-side and spoofable. Use server-side checks with RLS and JWT claims. Always.

🔓 2. Public tables with no RLS
Querying is easy, but security is optional. Default to RLS ON, then explicitly open what needs access.

😵 3. No fallback in auth.uid()
Policies depending only on auth.uid() fail silently during admin queries. Always account for IS NULL.

⚠️ 4. Splitting auth state between client and app
Session state in two places = race conditions. Let Supabase handle it. React to onAuthStateChange() once — in one place.

🧩 5. Calling edge functions without auth context
Edge functions don’t carry auth by default. Pass the Authorization header manually — no header = no user.

👻 6. Testing only as a logged-in user
Your app works for you. What about anonymous users? Test unauthenticated access too — Supabase doesn’t block anon by default.

Supabase is powerful, but that power cuts both ways. Don’t treat it like Firebase. Treat it like backend infra:
Secure by default
Test like a hacker
Trust nothing by default

Build fast — but build like it’ll scale. Because one silent failure can kill momentum.

8 Replies
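Points 2, 3 and 6 of the post come together in one Postgres migration plus an in-transaction check. This is an added example, not code from the post or from Supabase itself. It assumes a hypothetical table public.notes with an owner_id column, that it is run as the Supabase postgres role (which is a member of anon and authenticated and so can SET ROLE to them), and that Supabase's default grants on public tables are in place; the user UUIDs in the test are constructed.

```sql
-- Added example (not from the original post). Assumes a hypothetical table
-- public.notes and that this runs as the Supabase "postgres" role, which may
-- SET ROLE to anon and authenticated for testing. In a real schema, add a
-- foreign key from owner_id to auth.users(id); it is left out here so the
-- constructed test UUIDs below do not need matching auth.users rows.

create table if not exists public.notes (
  id          bigint generated always as identity primary key,
  owner_id    uuid not null default auth.uid(),
  body        text not null,
  created_at  timestamptz not null default now()
);

-- Mistake 2: a public table without RLS is readable and writable by anyone who
-- holds the anon key, because Supabase grants anon/authenticated privileges on
-- public tables by default. Turn RLS on first; with no policies, every row is
-- hidden from those roles. Caveat: the table owner (postgres) and service_role
-- bypass RLS, so a query that "works" in the SQL editor proves nothing.
alter table public.notes enable row level security;

-- Now open exactly what is needed. Mistake 3: auth.uid() is NULL whenever there
-- is no JWT in the request. "owner_id = NULL" is not TRUE, so rows silently
-- vanish instead of raising an error; spelling the NULL case out documents the
-- intent and guarantees the policy never matches on a missing uid.
create policy "notes: owners select"
  on public.notes for select
  to authenticated
  using (auth.uid() is not null and owner_id = auth.uid());

create policy "notes: owners insert"
  on public.notes for insert
  to authenticated
  with check (auth.uid() is not null and owner_id = auth.uid());

create policy "notes: owners update"
  on public.notes for update
  to authenticated
  using (auth.uid() is not null and owner_id = auth.uid())
  with check (auth.uid() is not null and owner_id = auth.uid());

create policy "notes: owners delete"
  on public.notes for delete
  to authenticated
  using (auth.uid() is not null and owner_id = auth.uid());

-- Mistake 6: test as anon and as a *different* user, not only as yourself.
-- auth.uid() reads the sub claim from the request.jwt.claims setting, so the
-- JWT context can be simulated with set_config(). Everything is rolled back.
begin;
  -- "alice" (constructed UUID) inserts a note; owner_id defaults to auth.uid()
  set local role authenticated;
  select set_config('request.jwt.claims',
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}', true);
  insert into public.notes (body) values ('alice''s private note');
  select count(*) as alice_sees from public.notes;   -- expect 1

  -- anonymous request: no JWT, no matching policy, zero rows (not an error)
  set local role anon;
  select set_config('request.jwt.claims', '', true);
  select count(*) as anon_sees from public.notes;    -- expect 0

  -- "bob" (constructed UUID) is logged in but must not see alice's row
  set local role authenticated;
  select set_config('request.jwt.claims',
    '{"sub":"22222222-2222-2222-2222-222222222222","role":"authenticated"}', true);
  select count(*) as bob_sees from public.notes;     -- expect 0
rollback;
```

Run the test block from the SQL editor or psql connected as postgres; if anon_sees or bob_sees returns anything other than 0, a policy is wider than intended. The same SET ROLE / set_config pattern drops into a migration test so the anonymous case is checked on every deploy rather than only when someone remembers to log out.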
