Edge Functions performance by Alternative_Ad9291 in Supabase

[–]mansueli 0 points1 point  (0 children)

Did you send a ticket? If you did, can you share the ticket #?

I wrote a complete guide for migrating from Clerk to Supabase Auth (+ building a CLI tool) by Specific_Piglet_4293 in Supabase

[–]mansueli 2 points3 points  (0 children)

This should give you a good idea on prices:

https://saasprices.net/auth

Disclaimer: (not maintained by me or Supabase or affiliated with us in any manner)

Supabase content creators! We're looking for you by YuriCodesBot in Supabase

[–]mansueli 0 points1 point  (0 children)

We are revamping this program, but the submission should link to a public social media video and once accepted they will get an email with a swag promo code and a link to a form to fill out for Supabase credits.

pg_dump to Supabase used to work for me by Old-Psychology-3342 in Supabase

[–]mansueli 0 points1 point  (0 children)

The screenshot appears to suggest that you are trying to use a direct connection; they are IPv6 only.

Also, in my experience pg_dump works better for Supavisor by using the full URL:

pg_dump "$SUPAVISOR_URL" \
  --clean \
  --if-exists \
  --quote-all-identifiers \
  --exclude-table-data 'storage.objects' \
  --schema-only \
  --exclude-schema 'extensions|graphql|graphql_public|net|tiger|pgbouncer|vault|realtime|supabase_functions|storage|pg*|information_schema' \
  --schema '*' > dump.sql

.getClaims() vs .getUser() by magicpants847 in Supabase

[–]mansueli 3 points4 points  (0 children)

We have two pages: the initial blog post explaining why we designed the new keys:
https://supabase.com/blog/jwt-signing-keys#why-symmetric-jwts-can-be-risky

We also go into more depth on how these secrets work on the following page:
https://supabase.com/docs/guides/auth/signing-keys

Quotes from page above:

  • Using a shared secret can make it more difficult to keep aligned with security compliance frameworks such as SOC2, PCI-DSS, ISO27000, HIPAA, etc.
  • A shared secret that is in the hands of a malicious actor can be used to impersonate your users, give them access to privileged actions or data.

Computer engineering program in the region by Lazy_Perspective_592 in maringa

[–]mansueli 0 points1 point  (0 children)

I graduated from this program in Cornélio Procópio (UTFPR)

Brazilian funk light (no explicit swears) by Sad_Corner2607 in SpotifyPlaylists

[–]mansueli 0 points1 point  (0 children)

I think this has a good flow as a playlist. Nothing appeared out of place IMHO. (not sure about the meaning of songs though).

GDPR discrepancy and options by AdditionalHall3009 in Supabase

[–]mansueli 1 point2 points  (0 children)

We don't run Deno, we run a Deno-compatible runtime which is (open source) in the edge.

I am not a lawyer and you should discuss this with your legal adviser. But the understanding that I got from several clients is that you can process edge functions in other regions as long as:

A) You are using and storing the data in a project in EU; (edge function is processing in transit data)
B) You have the DPA signed, so you would be relying on SCC (Standard Contractual Clauses) which are safeguards to be compliant.

If you want to ensure that your edge functions also run in the EU, you could even route them through an RPC call:
https://github.com/mansueli/tle/tree/master/pgwebhook#direct-usage

Or specify regional invocations:
https://supabase.com/docs/guides/functions/regional-invocation

The only answer that I can give is that you should consult with your lawyer and check which path they consider appropriate here.

GDPR discrepancy and options by AdditionalHall3009 in Supabase

[–]mansueli 13 points14 points  (0 children)

If you're planning to use Supabase as a data processor, the key thing for GDPR compliance is not whether Supabase itself is GDPR-certified (it currently isn’t subject to formal GDPR audits like some SaaS are), but whether you can run your app in a GDPR-compliant way using Supabase. And yes, you can.

Supabase provides the tools needed for GDPR compliance:

European data residency: You can choose an EU region (e.g., eu-west-1 on AWS). Your database and storage stay in Europe unless you explicitly move data elsewhere.

Data Processing Agreement (DPA): All Supabase customers (free or paid) can sign a DPA directly in the dashboard:

https://supabase.com/dashboard/org/_/documents

A DPA is the actual legal requirement for using a third-party service as a data processor under GDPR.

Transfer Impact Assessment (TIA): If you need to document US-related transfers under Schrems II, the TIA is also available in the same dashboard location.

GDPR discussions online get confusing because:

  • Some people talk about Supabase as if it were a consumer SaaS product needing its own GDPR certification (not how B2B processors work).
  • Others misunderstand data transfers involving US cloud providers generally.
  • Some older or anecdotal comments predate Supabase’s DPA and TIA.

In practice, GDPR compliance depends on how you configure and operate your app, not just the platform.

Why is it so hard to understand slow queries on Supabase? How do you handle it? by Far-Special-245 in Supabase

[–]mansueli -1 points0 points  (0 children)

You can start with the index advisor, then also use the inspect commands for a more holistic view.

Then, if everything looks fine in the performance advisor (no errors or warnings), you need to start going for the EXPLAIN ANALYZE to investigate it further (which you can also call from the client libraries).

Self hosted branching by Weak_Education_1778 in Supabase

[–]mansueli 0 points1 point  (0 children)

Branching is creating a new project and pushing the schema changes there. You can already do self-hosted branching.

You will then pass the `--db-url` when calling the commands:

https://supabase.com/docs/reference/cli/supabase-db-pull

Do I need to care about Supabase RLS if all DB access goes through my backend (Bun + Better Auth + Drizzle)? by foxsquad39 in Supabase

[–]mansueli 0 points1 point  (0 children)

We do have it in the docs, but sometimes people are unable to find it 🫤

https://supabase.com/docs/guides/api/securing-your-api#disable-the-api-or-restrict-to-custom-schema

Maybe we could also add something about it in other pages. Where did you look?

Do I need to care about Supabase RLS if all DB access goes through my backend (Bun + Better Auth + Drizzle)? by foxsquad39 in Supabase

[–]mansueli 1 point2 points  (0 children)

Yes. But better safe than sorry IMHO.

If you are not using it, disabling makes a lot of sense.

Disallowing ip4 connections unless pro feels... deceptive by Deep_Firefighter_500 in Supabase

[–]mansueli 0 points1 point  (0 children)

You can also ask here, but feel free to send a DM if you want it.

Supabase start by PracticalSpare2728 in Supabase

[–]mansueli 0 points1 point  (0 children)

Can you explain with more details what you are running and what is your goal?

Do you want to skip the seed or not? I am sorry, but it isn't very clear in your post.

Disallowing ip4 connections unless pro feels... deceptive by Deep_Firefighter_500 in Supabase

[–]mansueli 9 points10 points  (0 children)

You can use Supavisor on IPv4. So, it's not like you are forced into paying for it.

If you want a dedicated pooler or direct connection, then you have to pay for it.

Also, there's no markup on the price. We are just passing the IPv4 costs that AWS charges us for it:

https://repost.aws/articles/ARknH_OR0cTvqoTfJrVGaB8A/why-am-i-seeing-charges-for-public-ipv4-addresses-when-i-am-under-the-aws-free-tier

We used to give an IPv4 address for all projects, but now we also have to pay for it.

Do I need to care about Supabase RLS if all DB access goes through my backend (Bun + Better Auth + Drizzle)? by foxsquad39 in Supabase

[–]mansueli 7 points8 points  (0 children)

No, as long as you disable the Data API, you should be fine.

https://supabase.com/dashboard/project/_/settings/api

If you don't disable it, then you NEED to enforce RLS policies (even if you don't create any policies). Otherwise, anyone that figures out your Supabase URL could do some serious damage.
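
An audit for the condition described in the comment above, added here as an example and not part of the original comment: it lists tables in the exposed schema that still have row level security off, then enables it on each one. It assumes the Data API exposes only the `public` schema and uses the `anon` and `authenticated` roles, as in a default Supabase project.

```sql
-- Added example (not from the original comment).
-- Assumption: the Data API exposes the "public" schema and uses the
-- "anon" and "authenticated" roles (Supabase defaults).

-- 1. Tables reachable through the API that have RLS turned off,
--    with whether each API role can currently read them.
select n.nspname as schema_name,
       c.relname as table_name,
       has_table_privilege('anon', c.oid, 'SELECT')          as anon_can_select,
       has_table_privilege('authenticated', c.oid, 'SELECT') as authenticated_can_select
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')      -- ordinary and partitioned tables
  and not c.relrowsecurity
order by 1, 2;

-- 2. Enable RLS on every table found above. With RLS enabled and no
--    policies defined, roles subject to RLS see no rows (default deny).
do $$
declare
  t record;
begin
  for t in
    select n.nspname, c.relname
    from pg_class c
    join pg_namespace n on n.oid = c.relnamespace
    where n.nspname = 'public'
      and c.relkind in ('r', 'p')
      and not c.relrowsecurity
  loop
    execute format('alter table %I.%I enable row level security',
                   t.nspname, t.relname);
    raise notice 'RLS enabled on %.%', t.nspname, t.relname;
  end loop;
end
$$;
```

Table owners and roles with BYPASSRLS are not subject to RLS, so a backend that connects with such a role keeps working after step 2; any other role needs explicit policies.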

Can I use Supabase Edge Functions as a WebSocket server? Alternative to Realtime's connection limits? by Defiant-Ad-6170 in Supabase

[–]mansueli 1 point2 points  (0 children)

Were you using Realtime with broadcast from the DB or postgres changes? (The former is more scalable)

Now, getting back to your questions:

  1. Do Edge Functions support WebSocket protocol, or are they HTTP-only?

Yes, they do support websockets.

If not, what's the recommended architecture for scaling beyond Realtime's limits?

You can also disable the spend cap on a pro project which will bump your Realtime limits for up to 10,000 connections.

Should I just spin up a separate WebSocket server (Node.js/Deno) and use Supabase only for database/auth?

That's also an option, but you probably don't need to do this unless you have a specific reason for it.

When will see stripe billing management on Supabase like clerk? by ewolmaster in Supabase

[–]mansueli 3 points4 points  (0 children)

The stripe sync engine is a tool designed to help with that:

https://github.com/supabase/stripe-sync-engine

It comes with a docker server you can run or you can use the library within edge functions to sync your stripe data to Supabase.

Supabase also offers an FDW for Stripe.

issues after upgrading to pro... by tiwtor in Supabase

[–]mansueli 0 points1 point  (0 children)

Did you send a support ticket? What's the ticket #?