zlacker

[return to "Hacking Moltbook"]
1. _fat_s+a31[view] [source] 2026-02-02 21:15:55
>>galnag+(OP)
It's kinda shocking that the same Supabase RLS security hole we saw so many times in past vibe coded apps is still in this one. I've never used Supabase but at this point I'm kinda curious what steps actually lead to this security hole.

In every project I've worked on, PG is only accessible via your backend and your backend is the one that's actually enforcing the security policies. When I first heard about the Superbase RLS issue the voice inside of my head was screaming: "if RLS is the only thing stopping people from reading everything in your DB then you have much much bigger problems"

◧◩
2. xXSLAY+lj1[view] [source] 2026-02-02 22:19:24
>>_fat_s+a31
Just started vibing and have integrated codex into my side project which uses Supabase. I turned off RLS so that could iterate quickly and not have to mess with security policies. Fully understand that this isn't production grade and have every intention of locking it down when I feel the time is right. I access it from a ReactNative app - no server in the middle. Codex does not have access to my Supabase instance.
◧◩◪
3. Chaosv+KU2[view] [source] 2026-02-03 09:45:15
>>xXSLAY+lj1
There is a server in the middle. It's the machine running Supabase.
[go to top]