Supabase Security Posture

An open source Firebase alternative based on PostgreSQL.

Supabase Security Overview

Supabase secures data via Row Level Security (RLS) policies. If RLS is disabled or improperly configured, the anon key permits unauthorized reading and writing of database tables directly from the client.

Security Checks

Row Level Security (RLS) (warn)
Tables created via the dashboard or SQL require explicit RLS policies to prevent public access via the API.
Anon Key Exposure (pass)
The anon key is safe to expose in client code, provided that RLS policies are strictly enforced on all tables.
Service Role Key (fail)
Bypasses all RLS policies. Must never be exposed in client-side code or public repositories.
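
The RLS check above can be reproduced from inside the database. The SQL below is an added example, not DomainOptic's or Supabase's own code. It assumes that only the `public` schema is exposed through the API; `public.profiles` and its `user_id` column are hypothetical names used for the fix at the end.

```sql
-- 1. RLS state and policy count for every table in the API-exposed schema.
--    Assumption: "public" is the only schema exposed through the API.
SELECT
    n.nspname        AS schema_name,
    c.relname        AS table_name,
    c.relrowsecurity AS rls_enabled,
    count(p.oid)     AS policy_count,
    CASE
        WHEN NOT c.relrowsecurity
            THEN 'fail: RLS disabled, anon key reaches rows wherever grants allow'
        WHEN count(p.oid) = 0
            THEN 'info: RLS enabled with no policies (default deny)'
        ELSE 'review: read each policy'
    END              AS finding
FROM pg_class c
JOIN pg_namespace n   ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
GROUP BY n.nspname, c.relname, c.relrowsecurity
ORDER BY c.relrowsecurity, c.relname;  -- tables without RLS sort first

-- 2. Policies that are enabled but grant everything: an expression of "true"
--    for the anon role or for PUBLIC is "improperly configured" RLS.
SELECT schemaname, tablename, policyname, cmd, roles, qual, with_check
FROM pg_policies
WHERE schemaname = 'public'
  AND roles && ARRAY['anon', 'public']::name[]
  AND (qual = 'true' OR with_check = 'true');

-- 3. Fix for a table flagged by query 1 (hypothetical table and column):
--    enable RLS, then allow signed-in users to read only their own row.
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

CREATE POLICY "profiles_select_own" ON public.profiles
    FOR SELECT
    TO authenticated
    USING ((SELECT auth.uid()) = user_id);
```

Queries 1 and 2 are read-only and can be run in any SQL session with catalog access; re-run query 1 after step 3 to confirm the table no longer reports RLS as disabled.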

These technical checks are informational heuristics, not a guarantee of security or compliance. Passing a scan does not guarantee protection against zero-days or application logic flaws. Always conduct independent professional audits.

Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.