https://supabase.com/ logo
#off-topic
Title
# off-topic
w

wheredidyougetyourshades

03/16/2022, 3:49 PM
how to i secure the database from the client side if i am not authenticating users? is this possible? all i have to do is check the network tab to see the PostgREST url and i can make requests as if i was in the browser
@User ?
s

Scott P

03/16/2022, 4:19 PM
Just creating a thread to keep it organised instead of spamming the general channel
w

wheredidyougetyourshades

03/16/2022, 4:21 PM
👍
g

garyaustin

03/16/2022, 7:47 PM
If you want to prevent access to tables by unauthorized users you have to put on RLS with a policy or put them in a schema not set up for access by the API. There is no way to have browser access that is not public info with out auth, jwt tokens, or another server in front of API. You can lock down tables and use a security definer RPC function to limit what is accessed to what the function does.
w

wheredidyougetyourshades

03/21/2022, 5:32 PM
ok thank you @User