
This might be pedantic of me, but conflating RLS and auth isn't a great look. RLS is a general purpose mechanism for constraining row operations, and auth has to do with usernames and passwords and session tokens.



This is what we are targeting: http://postgrest.org/en/v7.0.0/auth.html

We are still doing a heavy assessment of whether this model can be generalised for everyone. It covers the details of both authentication and authorization - we are just building a nice/easy way to enable this for everyone (probably using the same model as Postgraphile: https://www.graphile.org/postgraphile/security/)


I have seen Oracle heavily employing RLS for authorization in E-Business Suite, and it made things so much easier.


Maybe they mean authorisation rather than authentication, but like you, I am curious if they will elaborate further on how Postgres RLS is used.


Probably similar in an overall sense to Postgraphile et al[0], in case you haven't seen that - although I am also interested in the specifics relating to Supabase.

[0] https://www.graphile.org/postgraphile/security/


As far as pedantry goes, wouldn't conflating RLS and AuthN be wrong, but AuthZ sort-of correct? At least, that's my understanding.



