Alvin Quach, Full Stack Developer
February 25, 2026 1 min read

Defense in Depth: Three Layers of Authorization

Concept
Depth: ●●○○○

Proxy rate limiting → server action guards → 168 RLS policies. Why each layer exists and what happens when the others fail.

Three Layers

  • Layer 1 (Proxy): Upstash Redis rate limiters + role-based route guards.
  • Layer 2 (Server Actions): requireAdmin()/requireStaff() guards with React cache().
  • Layer 3 (Database): 168 RLS policies — even if layers 1-2 fail, the database refuses unauthorized access.

Why All Three?

Any single layer can fail: forgotten guard, proxy bug, RLS gap. With three layers, two can fail and authorization is still enforced. For a platform handling payments and personal data, this guarantee matters.
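The fail-open scenarios above can be modelled in a few lines. This is an added example, not code from the platform the post describes: the three functions are in-memory stand-ins for the proxy, the server action guard and an RLS policy, and the limit, routes, user ids and `handle` helper are assumptions (the React cache() memoization is left out).

```typescript
// Added illustration: in-memory stand-ins for the three layers (no Upstash, React or Postgres).
type Role = "admin" | "staff" | "client";
type User = { id: string; role: Role };
type Req = { user: User; route: string; rowOwner: string };
type Layer = "proxy" | "action" | "database";
type Decision = { allowed: boolean; deniedBy?: Layer };

const LIMIT = 3; // constructed value: max requests per user in the current window
const hits: Record<string, number> = {};

// Layer 1: rate limit first, then a role-based route guard.
function proxy(req: Req): boolean {
  const n = (hits[req.user.id] ?? 0) + 1;
  hits[req.user.id] = n;
  if (n > LIMIT) return false;
  return req.route.indexOf("/admin") !== 0 || req.user.role === "admin";
}

// Layer 2: guard inside the action; it re-checks the role and does not trust the proxy.
function requireAdmin(user: User): boolean {
  return user.role === "admin";
}

// Layer 3: row policy evaluated by the data store on every read.
function rowPolicy(user: User, rowOwner: string): boolean {
  return user.role === "admin" || user.id === rowOwner;
}

// `broken` lists layers that fail open (forgotten guard, proxy bug, policy gap).
function handle(req: Req, broken: Layer[] = []): Decision {
  const checks: [Layer, () => boolean][] = [
    ["proxy", () => proxy(req)],
    ["action", () => requireAdmin(req.user)],
    ["database", () => rowPolicy(req.user, req.rowOwner)],
  ];
  for (const [layer, check] of checks) {
    if (broken.indexOf(layer) === -1 && !check()) {
      return { allowed: false, deniedBy: layer };
    }
  }
  return { allowed: true };
}
```

Calling `handle` with `["proxy", "action"]` as the broken layers still returns a denial from `"database"`; only when all three are listed does the request go through.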

Related Projects

T Creative Studio

Importance

★★★★☆