784 points rexpository | 3 comments
jppope No.44505416
Serious question here, not trying to give unwarranted stress to what is no doubt a stressful situation for the Supabase team, or trying to create flamebait.

This whole thing feels like it's obviously a bad idea to have an MCP integration directly to a database abstraction layer (the Supabase product as I understand it). Why would the management push for that sort of a feature knowing that it compromises their security? I totally understand the urge to be on the bleeding edge of feature development, but this feels like the team doesn't understand GenAI and the way it works well enough to be implementing this sort of a feature into their product... are they just being too "avant-garde" in this situation or is this the way the company functions?

1. tptacek No.44505472
This is developers using a developer feature that makes perfect sense with developer databases in developer environments, but in prod. That is a story as old as COBOL.
2. addcn No.44505730
Yes this. First thing I thought — don’t even have the prod credential anywhere near my machine
3. SkyPuncher No.44505731
I literally cannot believe the hysteria around what is obviously a development tool.

Are we also getting up in arms that [insert dev tool of choice] has full access to your local database? No, we aren't.

I've always taken these types of MCP tools to be a means of enabling LLMs to more effectively query your DB to debug it during development.