Great benchmark results!
Can you elaborate, please? I don't understand what you mean. They added auth a few months ago. supabase.io/docs/library/user-mana...
P.S - yes, the benchmark results are great, I would love for someone else to validate my findings :)
Hi,
As mentioned in the article, the problem is with the real-time engine. When a user signs in using the built-in auth system, he gets his own key with row-level permissions. However, this key is not used for the web sockets enabling the real-time engine. For that reason, this same user can listen for real-time changes in the rows of other users. The team behind Supabase promises this is their next feature; we'll have to wait and see.
Ah, I see. That wasn't obvious in the initial reading. Thanks.