I’m wondering, when I use the Supabase or Xano integration for a collection, are the filters applied in the query configuration done on the backend? Is this a secure way to filter data for privacy?
Hi,
It depends on the data source.
Supabase is done on the backend side, Xano is done on the front-end side.
If the filter is done on the backend side but depends on a parameter, anyone can decide to call your API with the parameter they want. Security always has to be done on the backend side; the front end is almost never secure.
The only security concern you may have for the front-end part is having a source accessed during prerendering with a different level of accessibility, and then exposed through the generated page.
If you have sensitive data: always add a security level on the backend. The frontend is only one way to access the data.
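
The point in the reply above about a backend filter that depends on a caller-supplied parameter, shown as an added example (not part of the original reply, and not Supabase or Xano code). The function names, the `userId.hmac` token format, the secret and the rows are all hypothetical and constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed sample data and secret (assumptions for this example).
const SECRET = "demo-only-secret";
const ROWS = [
  { id: 1, owner_id: "alice", note: "alice private" },
  { id: 2, owner_id: "bob", note: "bob private" },
  { id: 3, owner_id: "alice", note: "alice second" },
];

const sign = (userId) =>
  crypto.createHmac("sha256", SECRET).update(userId).digest("hex");

// Issued by the backend at login, in the hypothetical form "<userId>.<hmac>".
const issueToken = (userId) => `${userId}.${sign(userId)}`;

// Returns the user id if the signature checks out, otherwise null.
function verifyToken(token) {
  const [userId, mac] = String(token).split(".");
  if (!userId || !mac) return null;
  const expected = Buffer.from(sign(userId), "hex");
  const given = Buffer.from(mac, "hex");
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? userId : null;
}

// Weak: the filter runs on the backend, but the caller chooses its value.
function listRowsByParam(query) {
  return ROWS.filter((r) => r.owner_id === query.owner_id);
}

// Stronger: the owner comes from the verified token; query.owner_id is ignored.
function listRowsBySession(token, query = {}) {
  const userId = verifyToken(token);
  if (userId === null) return { status: 401, rows: [] };
  return { status: 200, rows: ROWS.filter((r) => r.owner_id === userId) };
}
```

Both functions filter on the server; only the second one decides whose rows to return from something the caller cannot choose.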