Most builders ship apps with zero security. They focus on features, design, and shipping fast. Security feels like homework. It's boring. It's not sexy. It doesn't get quote-tweets. Then they hit 10 users and the app starts breaking. Or worse, someone opens the browser console and realizes they can see the entire database. This is the exact 30-minute security checklist I run before every MVP launch. It's not exhaustive. It's not paranoid. It's the minimum viable security layer that protects you from the most common attacks and keeps your app from leaking data or racking up surprise bills. If you're shipping AI tools, SaaS, or any app with user data, bookmark this and run through it before you publish. 1. Row Level Security in Supabase This is the number one thing people skip and it's deadly. Without Row Level Security, anyone can read your entire database by opening the browser console and running a query. They don't need to hack anything. They don't need special tools. They just open DevTools and type a command. I've seen apps with thousands of users ship without RLS enabled. The database is wide open. User emails, passwords (hopefully hashed), payment data, everything. Here's how you check: Go to your Supabase dashboard. Click Authentication, then Policies. If you see zero policies, your app is completely exposed. The fix is simple. You need to add policies that restrict who can read, insert, update, or delete rows based on the authenticated user. If you're using Lovable, just ask it to enable RLS and write policies for your tables. It'll generate the SQL and apply it automatically. If you're doing it manually, here's the basic structure: Create a policy that says "users can only read rows where the user_id matches their own ID." Do this for every table that stores user-specific data. This takes 5 minutes and it's the difference between a secure app and a data breach waiting to happen. Don't skip this. Ever. 2. Test every single auth flow Signup, login, password reset, email verification.

Are most of the posts in here just people advertising their sites (I assume created with loveable)? I'm curious if anyone wants to discuss prompt optimization and why we are here? Personally I am building sites for fun. I retired from a university where I was the DBA for a group that handled data for early childhood (they were updating the data dashboard while I was there).... I had in the past worked with everything from not for profits (including museums) to water research and had developed everything from HR systems on mainframe to water models on PC.... Currently I'm teaching middle school and developing site just based on what interests me. For example: https://teched4kids.com - feel free to make suggestions. I've been adding to this as I need experiments for class.

My primary focus has been building websites. What is your main use case? It would be great to get an overview of the expertise in this group and see how most of us are utilizing the tool. (Feel free to share your specific products!)

Idk if anyone makes scrapers here, but some of my clients have wanted to automate finding leads... So there I was, trying to get all the luxury realtors off of onereal.com but no apify actor I was lost.... Nope. I turned to my pal claude code (CC). I said, here's a link I want to scrape (url that had a list of profiles (and their links) here's an example of a link that it points to (link example of a profile) here's example data from that page I want to scrape CC went to work, ran into a problem with js, tried a headless browser, didn't work, tried playwright, it did some iterative magic and boom. 218 luxury realtors are on a list. I used ghostty, which has been helpful to run multiple CCs together. It's useful to find very specific datasets that aren't in apify. And I'm working on a commission basis for this particular client, so it's potentially high value if it works. Hope that gives you guys some ideas if you're stuck when scraping ✌️ It also didn't cost me anything except for my access to CC. And my normal dev routine is often lovable -> Claude code, so I've been using it for everything.

Until now, AI has mostly lived inside chat windows. With Clawdbot hitting the scene, all that changes. This is AI with its own workspace, tools, and operating system. In my latest video, Mark Kashef and I are breaking down this new open-source system that turns models like Claude or ChatGPT into fully functional assistants —with their own computer. Clawdbot lets you do things like: - Message an AI that from anywhere and have it actually run software for you - Give it its own desktop, folders, and workflows - Let it operate while you’re offline - Package it into client-ready services Watch the full video and follow the setup guide to build this the right way and start making money with it → https://www.skool.com/lovable-ai-3884/classroom/6d60df09?md=3de09415df9d4fdfb147fb48bd9c4940