Supabase MCP can leak your entire SQL database

｢ The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. At the same time, it reads customer-submitted messages as part of its input. If one of those messages contains carefully crafted instructions, the assistant may interpret them as commands and execute SQL unintentionally ｣

https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/

Breaking news: Supabase's new "Lethal Trifecta" feature ensures entire databases leak faster than a sieve ! With the innovative combo of LLM blunders, zero #security, and an express delivery system for #data breaches, it's a hacker's dream come true !
https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/ #Supabase #Lethal #Trifecta #breach #database #hacker #news #HackerNews #ngated

"#Supabase #MCP can leak your entire #SQL #database"

#Security #LLM

https://www.generalanalysis.com/blog/supabase-mcp-blog

@neurovagrant

> "Lovable, for instance, uses AI models to create websites instantly. But for websites to do much of anything, they need to be connected to databases that store things like user accounts and payment information. Lovable doesn’t build those databases itself. It offers users an easy way to connect to a database service run by a startup called #Supabase."

as someone with what qualifies as a category expert on postgres who dove into building an app w/supabase last year, all i can say is that nothing about this surprises me.

https://universeodon.com/@cryptadamist/114649803259853811

Not a fun thing to do, but easier and quicker than expected: https://ttntm.me/blog/migrating-from-fauna-to-supabase/

Declarative Schemas for simpler database management

https://supabase.com/blog/declarative-schemas

Postgres Language Server: Initial Release

https://github.com/supabase-community/postgres-language-server

#HackerNews #Postgres #Language #Server #Initial #Release #supabase-community #postgres-language-server #tech #news #software #development

Any #Supabase users here?

Migration from Fauna (RIP) looks easy enough (https://supabase.com/blog/migrating-from-fauna-to-supabase), just wondering if there's anything else to consider before switching.

Context: 2 side projects, max. 50 users (would be Supabase's "Free" tier).

Bonjour les francophones

Vous avez des blocages ou des questions sur @silex ? Passez les poser en live pendant l'émission de vendredi: https://events.silex.me/

Le thème abordé avant les questions sera "Silex vs Weweb"

> #Silex pour les sites statiques avec du contenu dynamique
> #Weweb pour les webapps en mode IA
> Les deux ont des intégrations #supabase et #n8n

A vendredi 14h15 :)

New blog post! Dive into my guide on Self-Hosting Supabase with Docker and Traefik as a reverse proxy. Learn how to manage routing, SSL, and security for your Supabase stack on a VPS. Check it out! #Supabase #Docker #Traefik #DevOps

https://flori.dev/reads/supabase-self-host-docker-traefik-reverse-proxy

looking at building a #fullstack web application and looking at my options for #rad #development of the frontend. I'm thinking of using #supabase for the #backend.

It's a fairly simple #CRUD app - or maybe a SCRUD or CRUDS app? The S being for #search

I'd pondering everything from a #lowcode tool to various #frameworks / #libraries - e.g. #react, #vue, #htmx, #materialui, etc.

Thoughts, recommendations?

Rate limiting in Supabase? Cron UI? Get it in #2 of my newsletter

https://news.supa.guide/p/2-rate-limiting-with-supabase-and-a-cron-ui

#Software #Alternatives #Quote

"...for every paid #SaaS, there is a #free #opensource #selfhosted #alternative:

#Zoom -> #Jitsi
#Notion -> #Appflowy
#Jira -> #Plane
#Airtable -> #NocoDB
#Vercel -> #Coolify
#Heroku -> #Dokku
#Firebase -> #Pocketbase / #Appwrite / #Convex / #Supabase
#Shopify -> #Prestashop
#GitHub -> #GitLab
#Slack -> #Mattermost
#Salesforce #CRM -> #ERPNext
#Dropbox -> #NextCloud
#Mailchimp -> #Mautic
#Trello -> #Wekan
#Docusign -> #Docuseal
#Calendly -> #Cal dot com
#Datadog -> #Prometheus
#Google #Analytics -> #Matomo
#Microsoft #Office365 -> #LibreOffice
#Asana -> #OpenProject

what else?

Reposted with hashtags from #Fireship #Quotes:
https://bird.makeup/users/fireship_dev/statuses/1828485695029260356

#Database․build: Browser-based #PostgreSQL Development Environment

Runs completely in-browser using #WASM technology powered by #PGlite, with data persistence via #IndexedDB
Features #AI assistance for database operations, including smart CSV imports and automated report generation
Built-in tools for creating charts and database diagrams with drag-and-drop functionality
Developed using #Nextjs framework with #S3 deployment capabilities in development
#Opensource project (Apache 2.0) by the #Supabase community

Learn more: https://github.com/supabase-community/postgres-new

So, I’ve written something that is kind of like an ORM for #Supabase and #svelte.

But for many tables, some columns are only filled in when the row is written. Autoincrementing IDs, created_at timestamps, etc etc.

I'm not sure how I ought to handle this and keep everything typesafe. At creation time, I’m creating a record (object that looks like a row) but it's missing the autogenerated columns, which means my "optimistic" record is not a valid row record.

But I don't want to relax the type definition for a record since I want the record type to include those columns later on.

Not sure how other ORMs handle this situation.

I always say to people if I ever were to start a company, I'd want it to be like #Supabase

https://supabase.com/blog/why-supabase-remote

Easily Bind Supabase with Flutter Calendar and Perform CRUD Actions.

#flutter #mobiledev #dart #supabase #xplat #ux
https://www.syncfusion.com/blogs/post/bind-supabase-in-flutter-calendar?utm_source=alvinashcraft&utm_medium=email&utm_campaign=alvinashcraft_blog_edmaug24

Anyone have any luck getting #django, #zappa, #supabase working?

Psycopg is fucking with me hard.

#aws #devops

Please boost