looking for help with supabase security
So basically my whole backend is supabase. I dont know much about supabase and how its secured. all my scripts are in edge functions, and I dont have any rls or whatever on my tables. does this mean its secure or are there security checks I should still check for since I store passwords hashed with bcrypt ofcourse and other data like users emails surname name...
2 Replies
If you have RLS enabled on the tables with no policies then you are secure from API usage. Then it is "just" a matter of are you edge functions secure.
As far as storing user data, it would be secure from direct API usage. But depending on what data it is could still show up to your dashboard staff or in backups.
would ai understand whether or not my functions are secure by showing it to them with my database aswell? and my script ofcourse so that I dont have any info in my script which maybe gives away a token or smthng