You skip the backend entirely and query from the frontend. PostgREST and Postgres is your backend. If you want extra sauce on top you route those paths to an application that does whatever extra imperative operations you need.

▲

oulipo2 3 days ago | parent | next [-]

So a kind of "mini-Firebase" ? and then you have security through row-based security?

But this also means your users can generate their own queries, possibly doing some weird stuff taking down the db, so I assume it's more for "internal tools"?

	▲	charrondev 3 days ago \| parent [-]
		Yeah definitely not for public facing things of any capacity. No matter your size unless you have a trivial amount of data, if you expose a full SQL query language you can be hit be a DOS attack pretty trivially. This ignores that row level security is also not enough on its own to implement an even moderately capable level of access controls.

▲

jascha_eng 3 days ago | parent | prev [-]

This always sounds super messy to me but I guess supabase is kind of the same thing and especially for side projects it seems like a very efficient setup.