how does the security story look in supabase specifically ac Supabase #help

how does the security story look in supabase, spec...

omri

05/26/2022, 7:16 PM

how does the security story look in supabase, specifically access control? say i only plan on using the postgrest and realtime apis, is there a way to say "i only want the supabase-hosted backend to be able to connect to my db"? because otherwise anyone who gets access to the correct credentials (they won't, but still) can access all of my data like they would on a regular postgres instance, no?

Needle

05/26/2022, 7:16 PM

Hello @omri! This thread has been automatically created from your message in #843999948717555735 a few seconds ago. We have already mentioned the @User so that they can see your message and help you as soon as possible! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ``...`` menu) and select "Leave Thread" to unsubscribe from future updates. Want to change the title? Use the ``/title`` command! We have solved your problem? Click the button below to archive it.

omri

05/26/2022, 7:17 PM

and stepping it up a notch: say i have a backend separate from my frontend (which as i've mentioned before only uses the postgrest and realtime apis), and the backend will use the regular postgres protocol, i'd like to allow it but only it (and supabase of course) to access the postgrest instance. is that supported?

omri

05/26/2022, 7:23 PM

the access control story was one of the things that made us migrate away from heroku's postgres offering, since every developer added to the team (who has access to the heroku secrets which include the db credentials) adds another risk factor - what if they store the credentials locally to connect using some client and then their pc gets stolen? you multiply this by the number of devs on the team and you get a royal headache. rls does help secure things but not in this context.

silentworks

05/26/2022, 9:40 PM

In the context you are mentioning you would only be able to secure it that way by not inviting a member to the project which I think sort of defeats the purpose in a collaborative environment. I don't think any DB works in the manner you are asking about. If your laptop gets stolen and it has credentials on it, then that's already a compromise, you would just need to reset the DB password and go from there.

Needle

05/26/2022, 9:40 PM

omri (2022-05-26)

silentworks

05/26/2022, 9:41 PM

Or maybe I'm not understanding what you are asking here?

omri

05/27/2022, 2:03 AM

I think you are

omri

05/27/2022, 2:04 AM

What I've been told by a person who might become my supervisor of sorts at

$DAYJOB

(well sorta, there's probably a term for it that I forgot) is that we should strive to have our db only accessible to the machines that run our backend apps (in this case supabase and the other backend) by means of a firewall or something along those lines

omri

05/27/2022, 2:06 AM

He was very displeased with the idea of me being able to just connect to our heroku postgres instance from my laptop (which was completely unencrypted so he did have a reason to worry, but I digress).

omri

05/27/2022, 2:06 AM

Aren't firewalls the solution for this?

omri

05/27/2022, 2:07 AM

Although I can see how the needs of paas-style offerings might make having a persistent identifier for the actual physical machine that runs the code that connects to the db (which might not be necessary for something like a firewall, I'm not sure)

Previous Next