←back to thread

Supabase MCP can leak your entire SQL database

(www.generalanalysis.com)
780 points rexpository | 1 comments | 08 Jul 25 17:46 UTC | HN request time: 0s | source
Show context
sgarland ◴[09 Jul 25 01:31 UTC] No.44505539[source]
I’m more upset at how people are so fucking dense about normalization, honestly. If you use LLMs to build your app, you get what you deserve. But to proudly display your ignorance on the beating heart of every app?

You have a CHECK constraint on support_messages.sender_role (let’s not get into how table names should be singular because every row is a set) - why not just make it an ENUM, or a lookup table? Either way, you’re saving space, and negating the need for that constraint.

Or the rampant use of UUIDs for no good reason – pray tell, why does integration_tokens need a UUID PK? For that matter, why isn’t the provider column a lookup table reference?

There is an incredible amount of compute waste in the world from RDBMS misuse, and it’s horrifying.

replies(2): >>44505745 #>>44508384 #
apt-apt-apt-apt ◴[09 Jul 25 02:10 UTC] No.44505745[source]
When deciding recently whether to use CHECK ('a', 'b', 'c') vs ENUM, I believe a search/LLM-query stated that it was easier to change a CHECK's values later and not easy for ENUM, so that's what I went with.

As for a lookup table, truly curious, is it worth the complexity of the foreign reference and join?

replies(2): >>44507568 #>>44509724 #
1. benmmurphy ◴[09 Jul 25 08:31 UTC] No.44507568[source]
for postgres ENUM should be just as easier to change as CHECK

* for adding, there is no problem you can just add entries to an ENUM

* for removing there is a problem because you can't easily remove entries from an ENUM. its only possible to create a new enum type and then change the column type but that is going to cause problems with big tables. however, now your ENUM solution decays to a CHECK+ENUM solution. so it is not really any worse than a CHECK solution.

also, it is possible to add new CHECK constraints to a big table by marking the constraint as 'NOT VALID'. existing rows will not be checked and only new rows will be checked.