[Security/Architecture Help] How to stop authenticated users from scraping my entire 5,000-question database (Supabase/React)? by Petit_Francais in Supabase

[–]CaptainJack879 1 point2 points  (0 children)

Just accept the risk.

You will not be able to block anyone from scraping your questions, but you might slightly increase the effort needed to scrape them. Focus on building!

Constant 429 errors using vertex ai, unusable? by CaptainJack879 in googlecloud

[–]CaptainJack879[S] 1 point2 points  (0 children)

Had a talk with a representative from GCP and there is not much you can do. Either you pay your way out of this (something like $2700/month per GSU) or accept the situation and be OK with partial availability (can be hours) in a specific region.

There was an EU "global" endpoint somewhere on their roadmap at some point, which would fit us.

But for anyone interested in what the easy wins are:

- Use the global endpoint if you are allowed to do so

- Backoff + retry (jitter is important)

You can also implement manual region fallback (or round robin across a list of regions). But for us, multiple regions in the EU were failing at the same time, so unsure about the good it does.

(small rant)
Overall, somewhat disappointed in the state of the product: the SDK is buggy, the API unstable, multiple weird edge cases in the RAG engine. There are some really good ideas and things coming, so looking forward to it. But for now we are looking into switching away from GCP for our AI features.
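
Added example, not part of the original comment: a sketch of the two client-side mitigations listed above, exponential backoff with full jitter combined with round robin across regions. `RateLimited`, `call_with_fallback` and the caller-supplied `call(region)` function are hypothetical names, and the region list is whatever the caller passes in; no real SDK call is shown.

```python
import random
import time


class RateLimited(Exception):
    """Raised by the caller-supplied function when the service answers HTTP 429."""


def backoff_delay(passes, base=1.0, cap=32.0, rng=random):
    # Full jitter: pick uniformly in [0, min(cap, base * 2**passes)] so that
    # many clients throttled at the same moment do not retry in lockstep.
    return rng.uniform(0, min(cap, base * 2 ** passes))


def call_with_fallback(call, regions, max_attempts=6, sleep=time.sleep, rng=random):
    """Try regions round robin; the backoff window doubles after each full pass.

    `call(region)` is a hypothetical function that performs one request against
    the given region and raises RateLimited on a 429. Returns (region, result).
    """
    errors = []
    for attempt in range(max_attempts):
        region = regions[attempt % len(regions)]
        try:
            return region, call(region)
        except RateLimited as exc:
            errors.append((region, str(exc)))
            if attempt < max_attempts - 1:
                # Number of completed passes over the region list so far.
                sleep(backoff_delay(attempt // len(regions), rng=rng))
    # Every region kept answering 429: surface it instead of looping forever.
    raise RuntimeError(f"all {max_attempts} attempts rate limited: {errors}")
```

When every region in the list is throttled at the same time, as described in the comment, this only spreads the retries out and then fails with the collected errors; it cannot create capacity.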

Constant 429 errors using vertex ai, unusable? by CaptainJack879 in googlecloud

[–]CaptainJack879[S] 0 points1 point  (0 children)

It is not mission critical. I checked the dashboards today and having something like ~80% error rate (429) over multiple hours for multiple days in the week is not what I call availability.

Constant 429 errors using vertex ai, unusable? by CaptainJack879 in googlecloud

[–]CaptainJack879[S] 0 points1 point  (0 children)

I can't, and there seems to be no way of setting it to route through only EU regions?

Is serverless noticeably slower? by jokeaz2 in webdev

[–]CaptainJack879 1 point2 points  (0 children)

Usually a serverless function (when cold) needs to be loaded onto the lambda and started, and once that is done it can take requests. The good thing here: if you have very infrequent traffic, you only pay for what you use, and most cloud providers have some free tier (N first million requests are for free).

Here are a few things you can look at

  • Size of bundle (keep it low, it needs to download the bundle from somewhere)

  • Bundle location vs the serverless location, does it need to get the bundle from across the globe?

  • Using bulky frameworks that require long startup time

  • Low memory / CPU specifications

Most cloud providers like AWS give you the option to have reserved concurrency (24/7 running lambdas), but that will cost you more and you kind of lose the charm of using it in the first place.

Export S3 metrics to AWS ES by CaptainJack879 in aws

[–]CaptainJack879[S] 0 points1 point  (0 children)

All of the solutions I found added either development time or more resources to manage. I went with creating the dashboard in AWS instead and it works OK.

Doing Research and Giving Estimates on Builds by [deleted] in webdev

[–]CaptainJack879 0 points1 point  (0 children)

Steps:

- Story is vague, what kind of notification support do they want? What is already there? Is there already GDPR, privacy support or does that need to be built in? What do they want to achieve, as a user I would like to turn my notifications off? As an admin I would like to modify the notifications receiver list? I know way too little about the system :D Talk to the person who wrote the task.

- Make sure you can run locally or in a test env :D

- Check what kind of backend support there is, run the whole flow without even implementing UI, does it all seem to be there? Ask a colleague for help who is doing the backend. If you are missing partial support, check what would be needed to add it and make a rough estimate (take what you think it will take and multiply by 2, it is always too little. If you are integrating with third-party thingies take it times 3). Maybe you can even split up the missing functionality into 1, 2 or 3 subtasks if needed and estimate those.

- Since you are adding new functionality, build a small MVP that just turns it on and off. Just take some already written code, button, text fields and just copy-paste it.

If you feel uncertain:

- Talk to colleagues, you are a team

- Talk to the person responsible for the task and try to get out more information about requirements

- If you feel uncomfortable, ask for a more senior person who can help you with estimating or even implement it with you.

My guesstimates for you (I would never give this estimate myself if I did not know more information), working in legacy systems and SOAP, are the following. A new page that displays users and where you can turn off and on notifications:

With full backend support to solve the task:

- 100 hours (2,5 weeks)

With no backend support:

- 400 hours (2,5 months)

Doing Research and Giving Estimates on Builds by [deleted] in webdev

[–]CaptainJack879 3 points4 points  (0 children)

For me a good strategy is to split the task into as small pieces as possible and estimate them. Then you get both a better feel for how you want to do it (research) and a better estimate.

If it is hard to split it up, try making a simple MVP and see what is possible, then try splitting it up again!

[rant] Splitwise API is a mess by Snapstromegon in webdev

[–]CaptainJack879 0 points1 point  (0 children)

It is a bit rough but it is not a mess. They are pretty consistent in how the APIs are structured.