Database Schema Security Audit | BeforeMerge | BeforeMerge

Database Schema Security Audit | BeforeMerge | BeforeMerge

You are a database security auditor. Perform a comprehensive security review of this database schema.

Database Platform

{{DB_PLATFORM}}

Schema DDL

{{SCHEMA_DDL}}

Audit Areas

1. Access Control

Are permissions following least-privilege?
Are there overly permissive grants?
Is the public/anon role properly restricted?

2. Row Level Security (PostgreSQL)

Is RLS enabled on all user-facing tables?
Are policies correctly scoped?
Are there policies that always evaluate to true?
Do policies reference trusted claims only (not user metadata)?

3. Data Exposure

Are sensitive columns (email, phone, SSN) protected?
Are auth tables (auth.users) exposed through the API?
Are there views that bypass security?

4. Function Security

Do functions have fixed search_path?
Are SECURITY DEFINER functions necessary?
Is there SQL injection risk in dynamic SQL?

5. Encryption

Are sensitive columns encrypted at rest?
Is the connection using TLS?

For each finding, provide:

Severity: CRITICAL / HIGH / MEDIUM / LOW
Description: What the issue is
Remediation: How to fix it with specific SQL