(www.generalanalysis.com)

784 points rexpository | 2 comments | 08 Jul 25 17:46 UTC | HN request time: 0.513s | source

1. zdql ◴[08 Jul 25 23:27 UTC] No.44504937[source]▶

This feels misleading. MCP servers for supabase should be used as a dev tool, not as a production gateway to real data. Are people really building MCPs for this purpose?

replies(1): >>44509955 #

2. admiralrohan ◴[09 Jul 25 13:42 UTC] No.44509955[source]▶

>>44504937 (TP) #

Yes it's dev tool but when dev asks for data from DB through MCP it's accidentally running a sql injected by the attacker and reveals information to them.

↑

Supabase MCP can leak your entire SQL database