Supabase CISO Bill Harmer and Security Engineer Etienne Stalmans explain how Supabase embeds security at the database layer rather than bolting it on afterward. Key practices include Row Level Security (RLS) to control data access per user, continuous policy testing with pgTAP, and a simple anonymous-vs-authenticated access
Table of contents
Security starts with the data
Building with first principles
Anonymous or authenticated
Row Level Security is non-negotiable
Testing your policies with pgTAP
Security that scales
“Just make it work” the dangerous prompt
Building securely by default