How `OR` in a Postgres RLS policy leaked every flagged row to every user
A frontend QA pass on a brand-new account opened the library sidebar and saw two notes I had never written. They were public seed entries from a different user. Same UUIDs across every fresh account I tested.
This is a post-mortem of how multiple Pos...
divenrastdus.hashnode.dev · 7 min read