Client vs server-side database queries with Supabase
Using a Supabase client with NextJS, is it secure to use the client to make database calls from the client side, or should database calls still only be made from server side? I know some actions are fine to do from the client, such as auth-related stuff.

3 Replies
The REST client is secure from a browser as long as you understand the limits of a JWT and enforce RLS. You will get a range of opinions here and the wider internet on server only or browser access with a JWT.
I don't think Auth is any different than database access as the same discussions occur around auth on the server now being done with PKCE, versus auth with just a JWT in local storage.
Firebase uses the same approaches as Supabase to auth and database access so it is not unique. I'm sure others will chime in.
Gotcha. I do have RLS enabled so I'm sure that helps as well. Thanks for the input.
With Supabase, is there any reason to send requests from my client-side app through my node/express backend, which handles the Supabase server query, as opposed to just doing it all on the client side?