> Anon role should start with nothing and the end user should very explicitly be turning on what unauthenticated users can access.
We agree. We're working on a pathway towards this. Under our original designs we matched all defaults to Postgres' defaults, and with any additions the idea was to "stay out of the way" during development. It's become increasingly important for us to design around security. This will definitely mean more difficult development for newbie developers, but it's an important step forward.
> I’ve been self hosting it for the past couple of months. It is a really nice product
Thanks for the kind words! The credit also belongs to the open source tools we leverage - Postgres, PostgREST, GoTrue, Kong
We agree. We're working on a pathway towards this. Under our original designs we matched all defaults to Postgres' defaults, and with any additions the idea was to "stay out of the way" during development. It's become increasingly important for us to design around security. This will definitely mean more difficult development for newbie developers, but it's an important step forward.
> I’ve been self hosting it for the past couple of months. It is a really nice product
Thanks for the kind words! The credit also belongs to the open source tools we leverage - Postgres, PostgREST, GoTrue, Kong