Neon Launches Authorize for Granular Access Controls at the Database Layer


SAN FRANCISCO, Oct. 30, 2024 (GLOBE NEWSWIRE) -- Neon, the serverless Postgres database built for developers, today launched “Neon Authorize” that enables developers to manage permissions and access controls with ease. This new offering from Neon leverages Postgres RLS (Row-Level Security) – a Postgres primitive that protects data from malicious actors even when accessed through third-party tooling – and makes it much simpler to use via new deployment models for application developers.

“It makes perfect sense to set up authorization policies at the database layer – but it can be a cumbersome task especially at scale,” said Bryan Clark, VP of Product at Neon. “By using Neon Authorize, it’s easier than ever to leverage the power of Postgres RLS to manage authorization policies and improve security.”

According to the latest research from the Open Web Application Security Project (OWASP), broken access control remains the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user's limits. The report states that “94% of applications were tested for some form of broken access control.” This locks developers in a loop of repetitive operational tasks instead of working on core features while companies require more engineering resources just to deal with permissions.

Postgres RLS is a powerful security feature that allows database administrators to control which rows of data a user can access and edit in a PostgreSQL database. It works by applying a filter to a table before other filtering or query criteria; the filter narrows or rejects data based on the security policy. RLS is commonly used to limit access based on the database user connecting, and can also be used to ensure data safety for multi-tenant applications.
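
The filtering described above, shown for the multi-tenant case in plain Postgres. This is an added example, not code from Neon or from the release; the table, the `app_user` role and the `app.tenant_id` session setting are assumptions made for illustration.

```sql
-- Constructed schema and sample rows (all names are assumptions).
CREATE TABLE invoices (
    id        bigserial PRIMARY KEY,
    tenant_id text NOT NULL,
    amount    numeric(12,2) NOT NULL
);
INSERT INTO invoices (tenant_id, amount)
VALUES ('acme', 100.00), ('globex', 250.00);

-- Hypothetical application role with ordinary table privileges.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_user;

-- Policies have no effect until RLS is enabled on the table.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- The table owner is exempt from RLS unless it is forced.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement can see or modify;
-- WITH CHECK validates rows written by INSERT and UPDATE.
-- current_setting(..., true) returns NULL when the setting is absent,
-- so the comparison is never true and the policy fails closed.
CREATE POLICY tenant_isolation ON invoices
    FOR ALL
    TO app_user
    USING (tenant_id = current_setting('app.tenant_id', true))
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true));

-- Exercise the policy as the application role, scoped to one transaction.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = 'acme';

-- No WHERE clause: the policy's USING expression is applied
-- to the table before the query's own criteria.
SELECT id, tenant_id, amount FROM invoices;

-- A row for a different tenant does not satisfy WITH CHECK,
-- so Postgres rejects this statement.
INSERT INTO invoices (tenant_id, amount) VALUES ('globex', 1.00);
ROLLBACK;
```

The policy trusts whatever sets `app.tenant_id`, so this pattern fits a backend that sets it per transaction, not a client that can issue its own `SET`. Superusers and roles with `BYPASSRLS` are never filtered, so the application should not connect as either.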

Neon Authorize makes it easier than ever to adopt Postgres RLS by allowing developers to integrate their existing authentication provider directly with Neon. Once the provider is integrated, calls to the database can be authenticated with a JSON Web Token (JWT) generated by the authentication provider. Developers can now build applications that are entirely client-side, without needing a server or backend.

“Replacing a previous home-grown approach with Neon Authorize has simplified application code, provided better security via the use of asymmetric key encryption, and has improved performance by eliminating the use of additional SQL commands and unnecessary transactions previously required when implementing RLS directly in Postgres,” said Andy Young at Lockdown Ventures. “The migration took less than a day, and because Neon Authorize is based on standard JWTs it’s easily extensible to implement powerful security rules encompassing concepts such as multiple tenants, users, groups and workspaces.”

About Neon
Neon was founded in 2021 by a team of experienced database builders and Postgres contributors with a singular goal: Help developers and teams ship faster with Postgres by delivering it as a serverless cloud platform. Today, more than 3000 projects are created on Neon daily, powering everything from startups building the next wave of AI tools, to large platforms like Vercel, Replit and Retool.

Contact
Adam LaGreca
Founder of 10KMedia
adam@10kmedia.co