zlacker

[return to "Comparing Postgres Managed Services: AWS, Azure, GCP and Supabase"]
1. gkapur+6m[view] [source] 2024-03-04 19:22:15
>>saisri+(OP)
Do what it’s worth supabase definitely feels slow to me. Neon, in contrast, feels lightning fast for my workloads.
◧◩
2. kbar13+sp[view] [source] 2024-03-04 19:38:36
>>gkapur+6m
for what it's worth i use supabase because it's the fastest way to get from 0-1 for app development. most backend stuff for getting off the ground is not very interesting so getting the graphql api, oauth integration, db migrations, some user authorization story for free is what i'm looking for from supabase.
◧◩◪
3. Sai_+1A1[view] [source] 2024-03-05 04:29:22
>>kbar13+sp
I’m using Supabase for similar reasons but there’s one specific situation I’m trying to sort out.

Say you have a user “profile” which includes their privileges - like say a column named “privileges” which is some JSON object denoting what they can/can’t do.

Even with RLS, how do you ensure that a user can’t simply make a curl call with their own JWT to elevate their own privileges?

Basically, how to enforce column level security?

The best thing I can think of is to place “privileges” in a child table and only let the service account update that table.

◧◩◪◨
4. kbar13+hC3[view] [source] 2024-03-05 18:22:21
>>Sai_+1A1
i think i would have permissions in a different table
◧◩◪◨⬒
5. Sai_+7f5[view] [source] 2024-03-06 08:13:27
>>kbar13+hC3
Supabase is alpha testing column level security as a Feature Preview that you have to enable in your project. I’m using it now. Works well.
[go to top]