8 things you should NEVER do in a Database!

Подписаться 30 тыс.

Просмотров 10 тыс.

50% 1

Supabase Linter automatically detects Security and Performance optimizations, and provides helpful suggestions for how to resolve them. In this video, Jon Meyers goes through 8 common issues that can be surfaced with Splinter!
🙋 Supabase Security Advisor & Performance Advisor (blog): supabase.com/blog/security-pe...
00:00 Automatically Identify Security and Performance Optimizations in Postgres
03:08 Unindexed Foreign Keys
05:09 Unused Index
07:25 Duplicate Index
08:20 Exposing auth.users Table
15:46 RLS Disabled on Public Table
16:40 RLS Enabled with No Policy
18:58 Invoking auth.uid() Function for Every Row
20:10 Multiple Permissive Policies
22:35 Go deeper with Postgres Theory
💻 Videos to watch next:
▶ Supabase is now GA: • Supabase is now GA
▶ Learn Postgres (playlist): • Learn Postgres
▶ A new way to use Supabase Storage: • A new way to use Supab...
👇 Learn more about Supabase 👇
🕸 Website: supabase.com/
🏁 Get started: app.supabase.com/
📄 Docs: supabase.com/docs
🔔 Subscribe for more tutorials and feature updates from Supabase: / @supabase
📱 Connect with Us:
🐙 Github: www.github.com/supabase
💬 Discord: www.discord.supabase.com/
🐦 Twitter: / supabase
▶ Instagram (follow for memes): / supabasecom
ABOUT SUPABASE:
Supabase is the open source Firebase alternative. Supabase provides a full Postgres database for every project with pgvector, backups, realtime, and more. Add and manage email and password, passwordless, OAuth, and mobile logins to your project through a suite of identity providers and APIs.
Build in a weekend, scale to millions.
#Supabase #AppDevelopment #RealtimeApps #DeveloperTools

Наука

Опубликовано:

29 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 32

@wlockuz4467 3 месяца назад

Absolutely love this. Best thing about this is that RLS is a Postgres feature so its not like wasted knowledge.

@vaidiksavaliya3577 3 месяца назад

I really love supabase i use it on every project it's a one stop solution for my needs

@JonMeyers 3 месяца назад

That’s awesome! Glad you’re enjoying it! 🚀

@benbowers3613 3 месяца назад

After seeing PlanetScale's "schema reccomendations," Splinter is exactly the feature I was hoping for! Great work!

@BGdev305 3 месяца назад

VERY VERY well done!

@ideagarage 3 месяца назад

Great feature and video! I think it will be more accessible if these adviser will always appearer in the top of the Supabase Studio.

@mikelCold 2 месяца назад

Supabase has become so amazing!

@supirman 3 месяца назад

Ok, this is awesome -- but it also means I have a lot of work to do now to make my database better! Thanks supabase team!

@techjandro 2 месяца назад

Supabase is probably the best product out there for db, it's beyond words

@richardhaddadau 2 месяца назад

thank you so much for this. Brilliant tips!

@Caldaron 3 месяца назад

sweet, a nice way to learn postgres best practices, just what i needed. Even transfers to other db types 💪

@perc-ai 3 месяца назад

But what if we are using the experimental Postgres user by column functionality. We wouldn’t need RLS persay. Forgot what it’s called by it’s in alpha mode in supabase

@janglad9136 3 месяца назад

This is pretty cool! Does the security linter take into account manually revoked privileges on anon/authenticated? Often do this when just using the DB through an ORM.

@mikejohneviota9293 3 месяца назад

Transaction API when 😢

@neeshsamsi 3 месяца назад

Great video, however, it's super annoying that the whoosh sound effect is only in the left ear

@bryceyorkpm 2 месяца назад

agreed! and it's too loud.

@whoman7930 3 месяца назад

Why I don't see that sidebar, for my project? 2:44

@assaultressgamer 3 месяца назад

It won't let me delete duplicate index. Is it because there are already entries? Also, there's this video about how to make triggers on auth via SQL Query since it's not possible manually. I created triggers on sign up following their instructions but this showed "Function Search Path Mutable" in the Security advisor. I tried to `drop` this trigger via SQL editor but it won't drop. How to fix this?

@alialnaghmoush 3 месяца назад

When will offline support be official?

@akash-kumar737 3 месяца назад

Yeah man they need to work on DX

@arpanghoshal2579 3 месяца назад

This was nice, I was not aware of RLS in postgres, however I think its much easier to maintain security and access logic in our application instead of defining such policies on the DB itself. The end users won't access the DB directly and would go through our backend apis, therefore its much simpler to implement complex business logic related to authorization and authentication on the application instead of the DB.

@akash-kumar737 3 месяца назад

Nope you want Security at DB layer too. Now I see how entire db get hacked and made public.

@arpanghoshal2579 3 месяца назад

@@akash-kumar737 Why do you need RLS, when users access your db via your application, why is this required? Anyways this was added recently in postgres so how did people use their db before this feature? Remember, adding this stuff to your db can also affect performance of queries. Lastly ,I have worked in so many different organisations and never seen this kind of thing before, all the security logic was in the backend application. I am sure there are special situations where RLS would be useful however I don't think this is needed in general

@andersonmamede9625 3 месяца назад

@@arpanghoshal2579 the thing is: if your project is using Supabase, your project's database is already exposed to the public internet via PostgRES and supabase-js, for instance. Then, without RLS and the appropriate policies configured for each table within the public schema, anyone could freely manipulate (select, insert, update, delete) any data from those tables without even being authenticated...

@xeooox 3 месяца назад

I found 17 things to fix in my db...

@JonMeyers 3 месяца назад

We should have a leaderboard for “Most Opportunities”

@BGdev305 3 месяца назад

@@JonMeyers 🤣

@victorgarcia3526 3 месяца назад

You forgot to say never use a delete without where

@captainpumpkinhead1512 28 дней назад

I feel like the title is misleading. I clicked on a video about database mistakes and bro launches into what sounds like a schpeel for a sponsored software.