How do I secure the database from the client side if I am not authenticating users? Is this possible? All I have to do is check the network tab to see the PostgREST URL and I can make requests as if I was in the browser.
wheredidyougetyourshades
03/16/2022, 4:18 PM
@User ?
Scott P
03/16/2022, 4:19 PM
Just creating a thread to keep it organised instead of spamming the general channel
wheredidyougetyourshades
03/16/2022, 4:21 PM
👍
garyaustin
03/16/2022, 7:47 PM
If you want to prevent access to tables by unauthorized users, you have to put on RLS with a policy or put them in a schema not set up for access by the API. There is no way to have browser access that is not public info without auth, JWT tokens, or another server in front of the API. You can lock down tables and use a security definer RPC function to limit what is accessed to what the function does.