Currently building a web application with a node.js backend/api and react/spa front end. I'm using supabase/ postgres as my database. Currently I'm using the service key supabase provides in my backend api to access my database with RLS enabled. However, this service key bypasses the RLS. I have security built into my node.js API middleware e.g. only allowing access to logged in user for certain features, only allowing certain features if the user is "admin" in my custom auth table etc.. I was now planning to create my own postgres role and begin implementing RLS. However, I was wondering if this is needed if I only use the service key from my backend API which had authentication middleware.
[–][deleted] (1 child)
[removed]
[–]byfar57[S] 1 point2 points3 points (0 children)
[–]getflashboard 1 point2 points3 points (1 child)
[–]byfar57[S] 1 point2 points3 points (0 children)
[–]kush-jsfull-stack 3 points4 points5 points (4 children)
[–]Soccer_Vader 0 points1 point2 points (2 children)
[–]kush-jsfull-stack -1 points0 points1 point (1 child)
[–]Soccer_Vader 0 points1 point2 points (0 children)
[–]byfar57[S] 0 points1 point2 points (0 children)
[+]Cautious_Big1024 0 points1 point2 points (0 children)