/Security

Implementing Multi-Tenancy Into A Supabase App With Clerk

- Brian Morrison tl;dr: In this article, you’ll explore how to implement multi-tenancy in a Supabase application using Clerk, comparing manual RLS policies and row-based access control with Clerk’s simplified B2B toolkit—including organizations, role-based access, and a fully managed user interface—to streamline development and scale tenant-aware applications with less custom code.

featured in #610


How To Stop Half Of All Breach Vectors

tl;dr: BlueOptima’s meta-analysis—drawing on 12 major cybersecurity reports and supporting research—reveals how vulnerabilities in secret management, third‑party libraries, and insecure coding practices drive nearly half of global breaches, costing millions per incident. Read the full report to learn actionable strategies to safeguard your digital assets.

featured in #608


Securing AI Agents: Authentication Patterns For Operator And Computer Using Models

- Zack Proser tl;dr: The evolution from smart chatbots to digital assistants capable of autonomously performing multi-step tasks such as ordering groceries, scraping job postings, or researching and filling our complex web forms is natural. However, these expanded capabilities carry significant authentication, security, and compliance ramifications. This article explores these issues and discusses the emerging ecosystem around computer-using operators.

featured in #601


What Is Device Fingerprinting And How Does It Work?

- Zack Proser tl;dr: “Every time a device connects to your server, it broadcasts a wealth of information through its browser. Some of these signals are obvious, while others are subtle technical artifacts of how browsers and hardware work together.” Zack breaks down what servers can see and how to mitigate bad actors. 

featured in #600


Hidden Messages In Emojis And Hacking The US Treasury

- Nick Agliano tl;dr: “So how was there a zero-day in PostgreSQL, that had just been sitting there for at least 9 years, maybe longer? And not just that, but a SQL injection vulnerability?” Nick explores these questions. 

featured in #599


What Is Device Fingerprinting And How Does It Work?

- Zack Proser tl;dr: “Every time a device connects to your server, it broadcasts a wealth of information through its browser. Some of these signals are obvious, while others are subtle technical artifacts of how browsers and hardware work together.” Zack breaks down what servers can see and how to mitigate bad actors. 

featured in #594


What Is Device Fingerprinting And How Does It Work?

- Zack Proser tl;dr: “Every time a device connects to your server, it broadcasts a wealth of information through its browser. Some of these signals are obvious, while others are subtle technical artifacts of how browsers and hardware work together.” Zack breaks down what servers can see and how to mitigate bad actors. 

featured in #592


Nontraditional Red Teams

- Zach Holman tl;dr: “Most developers know about red teams: a specific group of people chosen to be the antagonist to your system, trying to sniff out vulnerabilities in your code or organization. Basically, like Sneakers, or the annoying plotline in The Newsroom season two. There’s a few other concepts of a red team I think that every development team should have some exposure to outside of the traditional cybersecurity angle.”

featured in #589


Exploiting McDonald’s APIs To Hijack Deliveries And Order Food For A Penny

- Eaton Zveare tl;dr: “I took a step back and looked at the cart object and an idea came to mind. The cart object was able to accept item updates, but could it accept price updates too? I put together a PUT request to update the price. Surprisingly, it worked.”

featured in #576


Control Data Access with Targeted Row-Level Security

tl;dr: Integrate Clerk with Neon Authorize to enforce Row-Level Security (RLS) in Postgres using JWTs. This setup enhances security by securing database queries based on user identity. For team leads, it simplifies security management and reduces risk, allowing teams to focus on development.

featured in #566