additional security on front end
Hi, I have RLS set up on Supabase and it works well. Is it recommended to add additional security on the front end, e.g. modifying the API call to only retrieve the logged-in user's details or filtering the API data to only retrieve the logged-in user's details? I am just worried on the off chance that I ever misconfigure RLS on a live site or something, and wondering if people add additional security on the front end, or is this overkill? Interested to hear from others on this.

I think that in general it is good practice to only fetch the data that you are interested in at that moment. So if I want to fetch my user details, I don't fetch all user profiles and let RLS do the filtering. I fetch the details of a specific user (by id probably). But that does not really enhance security. If you mess up your RLS, that's it then 😉

As a rule you always protect the data on the backend. Once it has reached the user's browser it is no longer secure (from the user). Security on the frontend is mostly about making sure that you are not loading any potentially malicious scripts (https://en.wikipedia.org/wiki/Cross-site_scripting).
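An added example, not from either poster: the backend-side policy that actually enforces "only my own row" on a Supabase table, followed by two catalog queries that catch the misconfiguration the question worries about (a public table with RLS switched off, or enabled but with no policy). It assumes a hypothetical `public.profiles` table whose `id` column equals the Supabase auth user id.

```sql
-- Hypothetical table: one row per user, keyed by the auth user id.
create table if not exists public.profiles (
  id uuid primary key references auth.users (id),
  display_name text,
  email text
);

-- Without this, policies are ignored and every row is readable through the API.
alter table public.profiles enable row level security;

-- Enforcement lives here, not in the frontend query: even a client that
-- requests select(*) with no filter only receives its own row.
create policy "read own profile"
on public.profiles
for select
to authenticated
using ((select auth.uid()) = id);

create policy "update own profile"
on public.profiles
for update
to authenticated
using ((select auth.uid()) = id)
with check ((select auth.uid()) = id);

-- Check 1: tables in the public schema that still have RLS disabled.
-- Anything returned here is exposed to the API with no row filtering.
select schemaname, tablename
from pg_tables
where schemaname = 'public'
  and not rowsecurity;

-- Check 2: tables with RLS enabled but no policy at all.
-- These deny everything, which shows up as "empty" results in the app
-- rather than an error, so it is easy to miss.
select t.tablename
from pg_tables t
left join pg_policies p
  on p.schemaname = t.schemaname and p.tablename = t.tablename
where t.schemaname = 'public'
  and t.rowsecurity
group by t.tablename
having count(p.policyname) = 0;
```

Both checks should return no rows; running them after each migration is the cheap safeguard against the "misconfigured RLS on a live site" case, whereas a frontend `.eq('id', userId)` filter only reduces what is fetched.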
