I'll keep it only in help next time. Didn't mean to spam

Hello, when using supabase auth helpers, the documentation states that a browser client should be created. after fiddling with that, I have observed that the SUPABASE_URL and the SUPABASE_ANON_KEY are sent to the client. Theoretically, one could track network activity and get these, and in turn use them to create a supbaseClient on their side, to create new users. How can we secure this?

#1006358244786196510 might be a better forum for this. though i think (while production as i would like to think), your key and url would be encrypted with the key on you and the hosting platform would know.

so even if they get the anon_key and url, they wouldn't be able to do much unless they can figure out a way to decrypt them, which is mostly unlikely. though still would recommend hopping to #1006358244786196510 , you will get a proper answer there.

i'm suddenly unable to connect to my database from pgadmin, has this happened to anyone else?

getting

Connection refused
    Is the server running on that host and accepting TCP/IP connections?

I am really hoping for even better typescript support next week. supabase-js v2 was better, but it is still behind what you get from Prisma or tRPC. pretty please 🙂

Hi everyone! I'm just wanted to know if is possible to use Thirdweb Auth with Supabase-Auth-Helpers ?? I didn't found any reference or guide in the docs. What I want to use is the session provider of supabase auth helpers with the Thirdweb Auth module. Is this possible?

Will do. Thanks!

just tested it, it does not get encrypted but sent as a plain string in the response script

Really not sure where to put this 😅 I've the past 2 days made a **client library for the Storage API **for Java. It can be found here: I'm reaching out to know wether or not it would be valued as a repo under the supabase-community org?

Anybody else currently having issues accessing the dashboard?

Mine is loading at the moment.

Seems to be OK now!

Having issues as well loading the auth page. Anybody else? 🙂

is there a plan to start supporting python in edge functions?

if yes, when can we start testing that approximately?

How can the anon key be safe when using supabase pro? If someone gets their hand on it, they can exploit the "Pay as you go" feature.

Do a search on here and you will find the answer, this question has been answered multiple times already.

Not at the moment, currently the edge functions runtime uses Deno and it only supports what Deno supports at the moment.

i checked mine, and they are encrypted. Sorry, can't help you with that. Just search #1006358244786196510 you might get the answer or open a new post.

They aren't encrypted, its just plain text. But this doesn't matter as long as you turn RLS on, on your tables. We used to have RLS on by default but folks found this confusing as they weren't able to get data from their tables due to this, so we turned them off by default. When setting up a table in the Supabase Dashboard it tells you that its recommended to enable RLS on a table and the reasons why.

though vercel claims to encrypting the keys, and checking the certificates, it says RSA encrypted.

what framework are you using?

nextjs?

I know that it's meant to be public, but how does it prevent people from exploit it?

anybody with it can literally insert into the DB

running removeAllChannels realtime function, creating a new realtime conn, etc

Any chance someone could help me out with an issue I'm having regarding mismatch types on queries? 🙏 - https://discord.com/channels/839993398554656828/1050798204641357824

So you didn't do a search on here then, no noone can literally insert into your DB if you have RLS on and they can't remove all channels from realtime or create a new connection. Please search on this platform and you will find more details as this has been answered many times before.