Security update for Supabase: Adding missing security policies

Security update for Supabase: Adding missing security policies

March 30th 2022

🗣

This is an important security update for any Supabase codebase that was exported prior to March 26th 2022. Follow the below instructions to ensure that your customers and items database tables are properly secured with Row Level Security. If you have any difficulty with the below instructions or concerns please reach out to hello@divjoy.com.

  1. Get the updated schema.sql file for your Supabase database here and then update the schema.sql file in the root of your local codebase. You can also grab this file by re-exporting a Supabase codebase from Divjoy, but we’ve including the direct link above to make it a bit easier. You can see exactly what’s been changed in the file by looking at this diff. You’ll notice that we’ve added security policies for the customers and items tables which were previously missing.
  2. image
  3. Also copy the contents of this file into the Supabase SQL editor snippet you previously created when setting up your database. You won’t re-run this snippet, as your database tables have already been created, but we just want to make sure this is up to date in case it’s ever re-used in the future.
  4. image
  5. Create a new snippet by clicking the “New query” button and paste in just the new lines for enabling row level security and creating policies. The screenshot below shows you what it should look like. Finally, click the “RUN” button in the bottom right to execute the SQL and update your database. If all goes well the results box should display “Success. Now rows returned”.
  6. image
  7. Double check that all of your tables now have Row Level Security enabled by going to Authentication > Policies. Just like in the screenshot below, all your table should now display “RLS enabled”.
  8. image
  9. If you have any questions or concerns we’d be happy to help. You can reach out to hello@divjoy.com or use our on-site chat widget.