8 things you should NEVER do in a Database!

  6,670 views

Supabase

1 day ago

Supabase Linter automatically detects Security and Performance optimizations, and provides helpful suggestions for how to resolve them. In this video, Jon Meyers goes through 8 common issues that can be surfaced with Splinter!
🙋 Supabase Security Advisor & Performance Advisor (blog): supabase.com/blog/security-pe...
00:00 Automatically Identify Security and Performance Optimizations in Postgres
03:08 Unindexed Foreign Keys
05:09 Unused Index
07:25 Duplicate Index
08:20 Exposing auth.users Table
15:46 RLS Disabled on Public Table
16:40 RLS Enabled with No Policy
18:58 Invoking auth.uid() Function for Every Row
20:10 Multiple Permissive Policies
22:35 Go deeper with Postgres Theory
💻 Videos to watch next:
▶ Supabase is now GA: • Supabase is now GA
▶ Learn Postgres (playlist): • Learn Postgres
▶ A new way to use Supabase Storage: • A new way to use Supab...
👇 Learn more about Supabase 👇
🕸 Website: supabase.com/
🏁 Get started: app.supabase.com/
📄 Docs: supabase.com/docs
🔔 Subscribe for more tutorials and feature updates from Supabase: / @supabase
📱 Connect with Us:
🐙 Github: www.github.com/supabase
💬 Discord: www.discord.supabase.com/
🐦 Twitter: / supabase
▶ Instagram (follow for memes): / supabasecom
ABOUT SUPABASE:
Supabase is the open source Firebase alternative. Supabase provides a full Postgres database for every project with pgvector, backups, realtime, and more. Add and manage email and password, passwordless, OAuth, and mobile logins to your project through a suite of identity providers and APIs.
Build in a weekend, scale to millions.
#Supabase #AppDevelopment #RealtimeApps #DeveloperTools

COMMENTS: 29
@wlockuz4467 15 days ago
Absolutely love this. Best thing about this is that RLS is a Postgres feature so it's not like wasted knowledge.
@vaidiksavaliya3577 16 days ago
I really love Supabase. I use it on every project; it's a one-stop solution for my needs.
@JonMeyers 16 days ago
That’s awesome! Glad you’re enjoying it! 🚀
@benbowers3613 15 days ago
After seeing PlanetScale's "schema recommendations," Splinter is exactly the feature I was hoping for! Great work!
@BGdev305 15 days ago
VERY VERY well done!
@ideagarage 15 days ago
Great feature and video! I think it will be more accessible if these advisors always appear at the top of the Supabase Studio.
@supirman 15 days ago
Ok, this is awesome -- but it also means I have a lot of work to do now to make my database better! Thanks Supabase team!
@richardhaddadau 1 day ago
Thank you so much for this. Brilliant tips!
@Caldaron 15 days ago
Sweet, a nice way to learn Postgres best practices, just what I needed. Even transfers to other DB types 💪
@mikejohneviota9293 16 days ago
Transaction API when 😢
@janglad9136 15 days ago
This is pretty cool! Does the security linter take into account manually revoked privileges on anon/authenticated? Often do this when just using the DB through an ORM.
@perc-ai 15 days ago
But what if we are using the experimental Postgres user by column functionality? We wouldn’t need RLS per se. Forgot what it’s called but it’s in alpha mode in Supabase.
@whoman7930 16 days ago
Why don't I see that sidebar for my project? 2:44
@assaultressgamer 12 days ago
It won't let me delete duplicate index. Is it because there are already entries? Also, there's this video about how to make triggers on auth via SQL Query since it's not possible manually. I created triggers on sign up following their instructions but this showed "Function Search Path Mutable" in the Security advisor. I tried to `drop` this trigger via SQL editor but it won't drop. How to fix this?
@alialnaghmoush 16 days ago
When will offline support be official?
@akash-kumar737 13 days ago
Yeah man they need to work on DX
@arpanghoshal2579 15 days ago
This was nice, I was not aware of RLS in Postgres, however I think it's much easier to maintain security and access logic in our application instead of defining such policies on the DB itself. The end users won't access the DB directly and would go through our backend APIs, therefore it's much simpler to implement complex business logic related to authorization and authentication on the application instead of the DB.
@akash-kumar737 13 days ago
Nope, you want security at the DB layer too. Now I see how an entire DB gets hacked and made public.
@arpanghoshal2579 13 days ago
@akash-kumar737 Why do you need RLS, when users access your DB via your application, why is this required? Anyways this was added recently in Postgres so how did people use their DB before this feature? Remember, adding this stuff to your DB can also affect performance of queries. Lastly, I have worked in so many different organisations and never seen this kind of thing before, all the security logic was in the backend application. I am sure there are special situations where RLS would be useful however I don't think this is needed in general.
@andersonmamede9625 12 days ago
@arpanghoshal2579 The thing is: if your project is using Supabase, your project's database is already exposed to the public internet via PostgREST and supabase-js, for instance. Then, without RLS and the appropriate policies configured for each table within the public schema, anyone could freely manipulate (select, insert, update, delete) any data from those tables without even being authenticated...
@neeshsamsi 15 days ago
Great video, however, it's super annoying that the whoosh sound effect is only in the left ear
@bryceyorkpm 7 hours ago
Agreed! And it's too loud.
@xeooox 16 days ago
I found 17 things to fix in my db...
@JonMeyers 16 days ago
We should have a leaderboard for “Most Opportunities”
@BGdev305 15 days ago
@JonMeyers 🤣
@victorgarcia3526 6 days ago
You forgot to say never use a delete without where
@StephenRayner 14 days ago
Please never put the swipe sound in again… I hate it, so distracting. I’m now not listening and in the comment section complaining…