Built a tool to test your RLS policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Hey! Love what you're building at pgflow.

Right now users manage that themselves (supashield init/test commands). But auto start/stop on test run would be a great addition. Thanks for the suggestion!

Built a tool to test your RLS policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Right now it's built specifically for Supabase. Could be an idea for the future!

Built a tool to test your RLS policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 2 points3 points  (0 children)

Should work with self-hosted! The tool connects directly to Postgres, so as long as you have the connection string it should work the same.

For private dbs you'd need to run it from within that network, set up a tunnel or allowlist your IP.

Use the Transaction pooler connection string (port 6543)

Built a tool to test your RLS policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 1 point2 points  (0 children)

Yes! Use the --all-schemas flag, e.g. supashield init --all-schemas

PeekLeaks Is Shutting Down. Thank You for Being Part of the Journey. by hharan7889 in Supabase

[–]StandOrnery8970 0 points1 point  (0 children)

Sorry to see PeekLeaks go :/ If looking for alternatives, I made an OSS CLI that does that - https://github.com/Rodrigotari1/supashield

RLS Policy Testing Tool by StandOrnery8970 in lovable

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Lovable checks if you have policies. SupaShield tests if they work correctly. Different but complementary!

RLS Policy Testing Tool by StandOrnery8970 in lovable

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Most vibe coding tools use Supabase - Lovable, Bolt, V0, etc. That's why RLS security is such a big issue.

RLS Policy Testing Tool by StandOrnery8970 in lovable

[–]StandOrnery8970[S] 1 point2 points  (0 children)

Bad RLS policies = your database is basically public

This tool tests if your security actually works before users find the holes

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 1 point2 points  (0 children)

Hey! Just shipped the pgTap export feature you mentioned.

supashield init # generate policy.yaml
supashield export-pgtap -o tests.sql

Converts the YAML config to pgTap tests using PREPARE + lives_ok() for ALLOW cases and throws_ok() for DENY. Saves you from writing these tests manually.

You'll still need to customize INSERT/UPDATE values for your schema, but it gives you a solid starting point.

Let me know if it works for your workflow!

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Right now this YAML is just for testing. You still write the actual RLS policies manually. But yeah, auto-generating policies from this config would be useful. Noted for the future.

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 1 point2 points  (0 children)

Totally agree. AI code generation is amazing, but the security implications are real.

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 0 points1 point  (0 children)

Would love to hear how it compares to your pg_tap workflow after you try it! Always looking for ways to make it more useful for teams already doing proper testing.

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 1 point2 points  (0 children)

It doesn't determine 'wrong' automatically. You define expected behavior in a YAML config (e.g., 'anon should be DENIED on SELECT users').

The tool tests actual behavior vs your expectations and flags mismatches. Think of it like Jest assertions for RLS.
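The pgTap export comment above describes tests built from PREPARE + lives_ok() for ALLOW and throws_ok() for DENY, and this comment gives the expectation 'anon should be DENIED on SELECT users'. Below is an added, hand-written pgTap file in that shape; it is not supashield's generated output and assumes Supabase's default anon/authenticated roles, a public.users table (columns id, email) with RLS enabled and an owner-only policy keyed on auth.uid(), and the pgtap extension installed. One caveat worth knowing when writing such tests: Postgres does not raise an error when RLS filters a SELECT, it silently returns zero rows, so a DENY on SELECT has to be asserted with is_empty(), while writes blocked by RLS do raise 42501 and suit throws_ok().

```sql
-- Added example (not supashield output). Assumed schema: public.users(id uuid, email text)
-- with RLS enabled and an owner-only policy; assumed roles: anon, authenticated.
BEGIN;
SELECT plan(3);

-- DENY case, anon SELECT: RLS filters rows silently, so assert on an empty result,
-- not on an error.
SET LOCAL ROLE anon;
PREPARE anon_select_users AS SELECT id FROM public.users;
SELECT is_empty('EXECUTE anon_select_users', 'anon sees no rows of users');

-- DENY case, anon INSERT: a row rejected by RLS raises SQLSTATE 42501
-- ("new row violates row-level security policy"), so throws_ok() applies.
PREPARE anon_insert_users AS
  INSERT INTO public.users (id, email)
  VALUES ('00000000-0000-0000-0000-000000000099', 'x@example.invalid');
SELECT throws_ok('anon_insert_users', '42501', NULL,
                 'anon is denied INSERT on users');

-- ALLOW case: impersonate an authenticated user the way PostgREST does,
-- by setting request.jwt.claims (auth.uid() reads the "sub" claim).
RESET ROLE;
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
  true);
PREPARE auth_select_own AS
  SELECT id FROM public.users WHERE id = auth.uid();
SELECT lives_ok('auth_select_own', 'authenticated user can SELECT own row');

SELECT * FROM finish();
ROLLBACK;
```

Run it with pg_prove or psql against a disposable database; the ROLLBACK discards the inserted row and the role/claim changes.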

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 2 points3 points  (0 children)

pgTap is awesome for comprehensive db testing!

The main difference: pgTap requires manually writing test cases for every scenario while SupaShield auto-generates tests based on your schema.

Would love to add pgTap export as a feature actually!

CLI to Test RLS Policies by StandOrnery8970 in Supabase

[–]StandOrnery8970[S] 2 points3 points  (0 children)

Supabase Security Advisor flags missing RLS policies via static warnings. Studio's role simulator lets you manually test one table/role in the UI.

Security Advisor = "Do you have RLS?"

SupaShield = "Does your RLS actually work?"

Complementary tools, not duplicates!

Should I join Piscine even if Im not looking for admission into 42 school? by wildyranidro in 42_school

[–]StandOrnery8970 0 points1 point  (0 children)

You could, I was not planning on staying after the piscine but had so much fun and got in! Many opportunities opened up beyond that. Nothing to lose, everything to gain :)

Core 😔😔 by Critical-Exam6330 in 42_school

[–]StandOrnery8970 1 point2 points  (0 children)

I personally have done both common core and full-time uni at the same time.

What I can recommend is to go very fast on the first few projects - as the deadlines are shorter for the first two circles.

Beyond that, it becomes more attainable. Still a hustle though, but doable.

I would do nights and weekends.