4. Rls By Default

Supabase just dropped their **Security Retro for 2025**, and it's packed with changes that affect how you build and secure your apps. Most improvements focus on safer defaults, better tooling, and making Row Level Security (RLS) less painful for developers new to the pattern. This article covers what shipped in 2025 and what's planned for 2026. ... ## 1. Data API Controls You can now **disable the Data API entirely** when creating a new project. This means no auto-generated REST or GraphQL endpoints — your database behaves like standard Postgres (similar to RDS). For existing projects, the same option is available in project settings. Once disabled, you can still connect directly through the connection pooler or standard Postgres connections.