Hey builders 👋
I noticed a lot of people struggle with RLS misconfigurations. I made a tool to audit Supabase apps (from your site URL) and highlight potential RLS issues: https://instaudit.app
Feedback welcome!
A user named confindev introduces a tool designed to audit Supabase applications for potential Row Level Security (RLS) misconfigurations using just the site URL. The tool aims to help users identify and fix RLS issues. Another user, J_Adam12, questions the liability of the tool in case of a security leak, to which confindev responds by assuring the tool's reliability and clarifying that no data is stored.
What happens if there is a leak and your tool didn’t see it? Are you liable?
Yes, it is totally reliable. When an issue is found, the user is notified so they can fix it. After applying the fix, they can rescan. I do not store any data.
Plus, since I only need the site URL, if my intentions were bad, I could simply scrape places like Reddit instead.