Completely disable querying from webapp frontend
I am currently building a Supabase webapp and just don't like how it's so easy to leak data to the frontend. If I have a sensitive field on a table, then there's a likelihood that it could be leaked. I'm being quite careful in everything I build, but I know subsequent developers working on the system probably won't.
I've decided that I want to disable query access to all public tables for anon and authenticated users. I've refactored my codebase so that all queries are served from Nitro server functions and I'm using KV stores etc for some endpoints which is looking great.
I now have the problem of how I can limit query access on the frontend but not on the backend.
- The Supabase browser client should only have access to some RPC functions and auth controls.
- The Supabase server client should have access to querying all public tables.
- I don't want to use service role because it's going to give the backend way too much access and skip RLS. I'd like to stick with RLS as we are using a multi-tenant-like architecture.
I just don't know a good solution for this, and Cursor seems to just think I want to use a service role client and then starts refactoring my entire codebase.
Any ideas on an elegant solution here?
1 Reply
You could create a schema without granting anon/authenticated/public for protecting data. Then have functions in public.
Or you can modify each table in public to remove grants to anon/authenticated/public but leave functions available.
Or you can modify the public schema to remove grants to anon/authenticated/public from the schema itself. Then add another schema with API access for functions.
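
An added example, not part of the reply above: a SQL sketch of the first two options, assuming Supabase's standard `anon` and `authenticated` roles and its `auth.uid()` helper. The `private` schema, the `customer_notes` table and the `my_notes` function are hypothetical names.

```sql
-- Constructed example; schema, table and function names are hypothetical.

-- Option 1: keep the data in a schema the API roles have no grants on.
create schema if not exists private;
revoke all on schema private from public, anon, authenticated;

create table private.customer_notes (
  id                  uuid primary key default gen_random_uuid(),
  tenant_id           uuid not null,
  owner_id            uuid not null,
  body                text not null,
  internal_risk_score int              -- sensitive: never returned by the function below
);

-- Expose only a narrow function in public. SECURITY DEFINER runs with the
-- function owner's privileges, so the WHERE clause is the access check here.
-- An empty search_path forces every object reference to be schema-qualified.
create or replace function public.my_notes()
returns table (id uuid, body text)
language sql
stable
security definer
set search_path = ''
as $$
  select n.id, n.body
  from private.customer_notes n
  where n.owner_id = (select auth.uid());
$$;

-- Functions are executable by PUBLIC by default; narrow that explicitly.
revoke execute on function public.my_notes() from public, anon;
grant  execute on function public.my_notes() to authenticated;

-- Option 2: leave tables in public but remove the API roles' table grants.
revoke all on all tables in schema public from anon, authenticated;

-- Audit: this should return zero rows once the revoke has been applied.
-- Re-run it after adding tables, since new tables may receive fresh grants.
select grantee, table_name, privilege_type
from information_schema.role_table_grants
where table_schema = 'public'
  and grantee in ('anon', 'authenticated')
order by table_name, grantee;
```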