zlacker

[return to "Hacking Moltbook"]
1. _fat_s+a31 2026-02-02 21:15:55
>>galnag+(OP)
It's kinda shocking that the same Supabase RLS security hole we saw so many times in past vibe coded apps is still in this one. I've never used Supabase but at this point I'm kinda curious what steps actually lead to this security hole.

In every project I've worked on, PG is only accessible via your backend and your backend is the one that's actually enforcing the security policies. When I first heard about the Supabase RLS issue the voice inside of my head was screaming: "if RLS is the only thing stopping people from reading everything in your DB then you have much, much bigger problems."

2. alexha+Zk3 2026-02-03 12:59:22
>>_fat_s+a31
There was a post not long ago about a HN user who wanted to both advocate and help people out of this danger:

>>46662304
