Supabase
Supabase RLS Gotchas: Triggers, FK SET NULL, Migrations
Three non-obvious Supabase RLS gotchas — SECURITY DEFINER triggers, FK SET NULL needing UPDATE policies, and partial migrations — with SQL fixes for each.
Security
An IDOR slipped past code review during a billing rewrite. Here is the 6-point checklist and defense-in-depth approach I now use on every pull request.
Security
How to encrypt SSNs and PII at rest with AES-256-GCM in TypeScript. Covers key rotation traps, IV reuse, auth tags, and a full production implementation.