(www.generalanalysis.com)

780 points rexpository | 3 comments | 08 Jul 25 17:46 UTC | HN request time: 0.822s | source

Show context

raspasov ◴[08 Jul 25 22:44 UTC] No.44504711[source]▶

The MCP hype is real, but top of HN?

That's like saying that if anyone can submit random queries to a Postgres database with full access, it can leak the database.

That's like middle-school-level SQL trivia.

replies(3): >>44504731 #>>44505108 #>>44505154 #

1. vidarh ◴[09 Jul 25 00:01 UTC] No.44505108[source]▶

>>44504711 #

The fact that a fairly established company made a mistake like this makes it newsworthy.

replies(1): >>44506738 #

2. raspasov ◴[09 Jul 25 05:59 UTC] No.44506738[source]▶

>>44505108 (TP) #

I see no mistake (not associated with Supabase).

replies(1): >>44508319 #

3. vidarh ◴[09 Jul 25 10:37 UTC] No.44508319[source]▶

>>44506738 #

Well, I see one that would categorically prevent me from being willing to enable MCP use with Supabase, namely the lack of sufficiently fine grained permissions.

And they've confirmed they're working on more fine grained permissions as one of several mitigations.

↑

Supabase MCP can leak your entire SQL database