https://supabase.com/ logo
#ideas-and-suggestions
Title
# ideas-and-suggestions
a

abc222

05/12/2022, 8:14 AM
Do you plan to improve column security in tables ? to prevent certains field to be seen easily
b

burggraf

05/12/2022, 12:58 PM
We're tied to PostgreSQL, so any solutions in this space would need to be a part of the core PostgreSQL product.
We're heavily tied to PostgreSQL so any changes in this space would have to come from the core PostgreSQL product.
a

abc222

05/12/2022, 1:16 PM
I understand, but right now PostgreSQL doesn't provide simple way to protect columns insertion/updates, at least, nothing as simple as RLS So either Supabase should work to improve Postgre in this way, or work toward some extension of PostgreSQL Right now, complex things like security definers or triggers (which aren't documented at all in Supabase's doc) are necessary to protect fields to be selected or updated Having something simpler feels very important to provide an easy to use platform
j

jaitaiwan

05/12/2022, 1:38 PM
@abc222 What's simpler than Security definers and triggers? There's also check constraints too I guess?
a

abc222

05/12/2022, 2:03 PM
Being able to specify fields that can be selected or updated directly in an RLS policy would be great Having some very simple way of enforcing security measures ensures the majority of apps developed with Supabase are secure, and it should be its top priority considering how good the plateform already is in its other aspects Also being able to access directly do an user's IP address (or some corresponding hash) if he's anon directly in policies would be great too
g

garyaustin

05/12/2022, 2:38 PM
As far as getting the user’s IP address. You can get access to the req headers in RLS. https://postgrest.org/en/stable/api.html#http-context.
3 Views