zlacker

1. _fat_s+a31 2026-02-02 21:15:55
>>galnag+(OP)
It's kinda shocking that the same Supabase RLS security hole we saw so many times in past vibe coded apps is still in this one. I've never used Supabase but at this point I'm kinda curious what steps actually lead to this security hole.

In every project I've worked on, PG is only accessible via your backend, and your backend is the one that's actually enforcing the security policies. When I first heard about the Supabase RLS issue, the voice inside my head was screaming: "if RLS is the only thing stopping people from reading everything in your DB, then you have much, much bigger problems."

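For readers wondering what the hole above looks like in practice, here is an added example (not from the thread or from Supabase) of a table exposed through Supabase's auto-generated REST API with RLS off, the policies that close it, and an audit query that lists any remaining unprotected tables. The table and column names (posts, owner_id, is_private) are assumptions; auth.uid() and the anon/authenticated roles are Supabase's own.

```sql
-- Constructed example: a table exposed through Supabase's auto-generated REST API.
-- Table and column names (posts, owner_id, is_private) are assumptions, not from the thread.

-- The weak state: RLS is off, so any client holding the public anon key can read
-- every row through the REST API, which is the class of hole the thread describes.
create table public.posts (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null references auth.users (id),
  body       text not null,
  is_private boolean not null default false
);

-- Fix, step 1: turn RLS on. With RLS enabled and no policies yet, the table
-- denies all access to non-owner roles, which is the safe default to build from.
alter table public.posts enable row level security;

-- Fix, step 2: grant each exposed role only what it should see or change.
-- Signed-in users may read their own rows plus public rows; anon is granted nothing here.
create policy "owner or public read" on public.posts
  for select to authenticated
  using (auth.uid() = owner_id or is_private = false);

create policy "owner insert" on public.posts
  for insert to authenticated
  with check (auth.uid() = owner_id);

create policy "owner update" on public.posts
  for update to authenticated
  using (auth.uid() = owner_id)
  with check (auth.uid() = owner_id);

-- Audit query: list every ordinary table in the public schema (the schema the API
-- exposes) that still has RLS switched off. Before shipping, this should return no rows.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

Note that the service_role key bypasses RLS entirely, so it must stay server-side; only the anon key belongs in a client.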
2. kinduf+622 2026-02-03 02:05:52
>>_fat_s+a31
Supabase is aware of this and they actually put big banners stating this flaw when you unlock your authentication.

What I think happens is that non-technical people vibe-coding apps either don't take those messages seriously or don't understand what they mean, but made their app work.

I used to be careful, but now I am paranoid about signing up to apps that are new. I guess it's gonna be like this for a while. Info-sec AIs sound way worse than this, tbh.
