Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Is it safe to use `auth.users.id` as a foreign key relation on my data?
Example: I have a list of posts (visible to everyone) these posts have a `user_id` that is the aforementioned foreign key.
Now if userA goes and looks at userBs post: `supabase.from('posts').select('*').match({ id: userA.id })` he is gonna get the `user_id` too!
Is this bad? Should I have a seperate table? What could go wrong?
Does supabase have column level security like for example Keystone?

Hello <@335332234401677324>!
This thread has been automatically created from your message in <#843999948717555735> a ``few seconds ago``.

Pinging <@&951828363943759883> so that they see this as well!

**Want to unsubscribe from this thread?**
Right-click the thread in Discord (or use the ... menu) and select **Leave Thread** to unsubscribe from future updates.

**Want to change the title?**
Use the `/title` command!

**We have solved your problem?**
Click the button below to archive it.

🆕 Is it safe to use auth.users.id as a foreign key in shared data?

It is safe to expose users ID unless you use it somehow to bypass RLS without using auth.uid().  Postgres does have column security but it is based on Postgres roles and not auth.  Views can also not show a column. You can also block the table with RLS and then use an rpc call to a security definer function to just return the rest of the row.

Is it safe to use auth.users.id as a foreign key in shared data?

Thread was archived by <@335332234401677324>. Anyone can send a message to unarchive it.