Head·word /ˈhedˌwɜː(ɹ)d/ n. @headword

0 posts0 participants0 posts today

**TechnoTenshi** @technotenshi@infosec.exchange · Jul 8

TechnoTenshi @technotenshi@infosec.exchange

Supabase's MCP is vulnerable to "lethal trifecta" attacks where LLMs with elevated DB access, exposed to user input, can be tricked into leaking sensitive data. Read-only mode helps but doesn't eliminate risk.

https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/

Simon Willison’s WeblogSupabase MCP can leak your entire SQL databaseHere's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back …

#PromptInjection #LLMSecurity #Supabase

**Jesus Castagnetto** @jmcastagnetto@mastodon.social · Jul 6

Jul 6

Jesus Castagnetto @jmcastagnetto@mastodon.social

"#Supabase #MCP can leak your entire #SQL #database"

#Security #LLM

https://www.generalanalysis.com/blog/supabase-mcp-blog

www.generalanalysis.comSupabase MCP can leak your entire SQL database | General AnalysisIn this post, we show how an attacker can exploit Supabase’s MCP integration to leak a developer’s private SQL tables. Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces.

Replied in thread

**⚯ Michel de Cryptadamus ⚯** @cryptadamist@universeodon.com · Jun 8 *

Jun 8 *

⚯ Michel de Cryptadamus ⚯ @cryptadamist@universeodon.com

@nixCraft #supabase, even without the AI, is like custom made for security flaws.

"sure, let's make everyone configure their app's permissions via postgres stored procedures and start out with everything publicly writeable. what could go wrong?"

**FreeSchool=Wrk & Friendship!** @freeschool@qoto.org · Dec 22, 2024

Dec 22, 2024

FreeSchool=Wrk & Friendship! @freeschool@qoto.org

#Software #Alternatives #Quote

"...for every paid #SaaS, there is a #free #opensource #selfhosted #alternative:

#Zoom -> #Jitsi
#Notion -> #Appflowy
#Jira -> #Plane
#Airtable -> #NocoDB
#Vercel -> #Coolify
#Heroku -> #Dokku
#Firebase -> #Pocketbase / #Appwrite / #Convex / #Supabase
#Shopify -> #Prestashop
#GitHub -> #GitLab
#Slack -> #Mattermost
#Salesforce #CRM -> #ERPNext
#Dropbox -> #NextCloud
#Mailchimp -> #Mautic
#Trello -> #Wekan
#Docusign -> #Docuseal
#Calendly -> #Cal dot com
#Datadog -> #Prometheus
#Google #Analytics -> #Matomo
#Microsoft #Office365 -> #LibreOffice
#Asana -> #OpenProject

what else?

Reposted with hashtags from #Fireship #Quotes:
https://bird.makeup/users/fireship_dev/statuses/1828485695029260356

bird.makeupFireshipRemember, for every paid SaaS, there is a free open-source self-hosted alternative: Notion -> Appflowy Zoom -> Jitsi Jira -> Plane Airtable -> NocoDB Vercel -> Coolify Heroku -> Dokku Firebase -> Pocketbase/Appwrite/Convex/Supabase Shopify -> Prestashop GitHub -> GitLab Slack -> Mattermost Salesforce CRM -> ERPNext Dropbox -> NextCloud Mailchimp -> Mautic Trello -> Wekan Docusign -> Docuseal Calendly -> Cal dot com Datadog -> Prometheus Google Analytics -> Matomo Microsoft Office 365 -> LibreOffice Asana -> OpenProject what else?

**activenode** @activenode@mastodon.social · Oct 2, 2024

Oct 2, 2024

activenode @activenode@mastodon.social

Exact copy of a Postgres table? Easy.

#webdev #postgres #database

**John Helveston, Ph.D.** @jhelvy@fediscience.org · Aug 26, 2024

Aug 26, 2024

John Helveston, Ph.D. @jhelvy@fediscience.org

New #Rstats Package

Do you use surveys and like Quarto / RMarkdown? Then we have the perfect package for you!

Introducing #surveydown: A platform for making markdown-based surveys with #Quarto, #shiny, and #Supabase A quick ...

https://surveydown.org/blog/2024-08-21-introducing-surveydown/

https://surveydown.orgIntroducing surveydown: A markdown-based framework for generating surveys with Quarto and shiny – surveydown.orgA quick overview of the {surveydown} R package for making markdown-based surveys with open-source technologies: Quarto, shiny, and supabase.

**Joe Steinbring** @joe@jws.social · Aug 12, 2024

Aug 12, 2024

Joe Steinbring @joe@jws.social

I saw https://postgres.new pop up on Hacker News. That is kind of neat but it feels a little dangerous to feed your dataset into a random AI model.

https://www.youtube.com/watch?v=ooWaPVvljlU

#Supabase #AI #PostgreSQL

postgres.newPostgres SandboxIn-browser Postgres sandbox with AI assistance

Continued thread

**Reilly Spitzfaden (they/them)** @reillypascal@hachyderm.io · May 21, 2024

May 21, 2024

Reilly Spitzfaden (they/them) @reillypascal@hachyderm.io

Fun update: if you scroll to the bottom of the post, I just coded a reaction button from scratch! I'll do a writeup of that later, but it's very similar to how I did the comments (https://reillyspitzfaden.com/blog/01-14-2024), and I used another table in the same Supabase database. I even got the button to remember it's been clicked using window.localStorage.

reillyspitzfaden.comReilly Spitzfaden, Composer | 01-14-2024, Do Read the CommentsA writeup of using Netlify serverless functions and Supabase to code a comments section on a static site

#IndieWeb #Blog #WebDev

**Joe Steinbring** @joe@toot.works · Apr 22, 2024

Apr 22, 2024

Joe Steinbring @joe@toot.works

I am posting an #Ollama article per day to @joe@jws.news this week to lay some groundwork for a series on embedding. I was reading about what #Supabase is doing in the space (https://supabase.com/blog/ai-inference-now-available-in-supabase-edge-functions) and trying to decide if I should look into that also.

Supabase · Apr 16, 2024AI Inference now available in Supabase Edge FunctionsUse embeddings and large language models on the edge with Supabase Edge Functions.

**Anupam 《ミ》λ≡** @haskman@functional.cafe · Dec 19, 2023

Dec 19, 2023

Anupam 《ミ》λ≡ @haskman@functional.cafe

I always enjoy seeing #Postgrest on #HN! https://postgrest.org/en/stable/how-tos/providing-html-content-using-htmx.html

Postgrest is of course written in #Haskell. But what I didn't know was that #Supabase is based on Postgrest, and they employ the lead developer of postgrest to work on it fulltime, which means Supabase is also based on Haskell!

#FunctionalProgramming everywhere!

PostgRESTProviding HTML Content Using Htmxauthor, Laurence Isla,. This how-to shows a way to return HTML content and use the htmx library to handle the AJAX requests. Htmx expects an HTML response and uses it to replace an element inside the DOM (see the htmx introduction in the docs). Preparatory Configuration: We will make a to-do app ...

**Rene Pot** @wraldpyk@mastodon.social · Aug 24, 2023

Aug 24, 2023

Rene Pot @wraldpyk@mastodon.social

Hi all! I'm here from a new account,I was previously on #fosstodon, but due to recent drama didn't feel like I belonged there anymore.

I'm a #JavaScript developer and a Developer Advocate at #DHIS2, which is an NGO.

Currently working on a new startup as a CTO/backend developer with #express and #supabase.

Also love #neoclassical music, and play indie games on steam.

Here's a recent playlist I made: https://open.spotify.com/playlist/2hug3cbgcNd1Ck6aeASTpM?si=63fc8e1c6fa3453f

Also a curator on steam: https://store.steampowered.com/curator/35454332/ #introduction

SpotifyDeep InstrumentalDeep Instrumental · Playlist · 23 songs · 3 likes

**Andros Fenollosa** @andros@hostux.social · Apr 2, 2023

Apr 2, 2023

Andros Fenollosa @andros@hostux.social

En Infinita Recursión #36: alumnos creando Instagram en unas horas, que es el algoritmo Run-Length Encoding, Richard Karp por Camilo Chacón y reto sobre Tetris.
¡Suscríbete ya para recibirlo! https://newsletter.andros.dev
#javascript #VueJS #nuxtjs #supabase

**Andros Fenollosa** @andros@hostux.social · Mar 31, 2023

Mar 31, 2023

Andros Fenollosa @andros@hostux.social

Hoy en clase hemos hecho un Instagram muy básico usando Nuxt 3 y Supabase.
Se pueden subir imágenes, dar Likes y funciona en tiempo real entre todos los visitantes.
Por si queréis jugar lo he desplegado en GitHub: https://tanrax.github.io/idegram/
#javascript #supabase #nuxtjs

Drag & drop to upload

Recent searches

Search options

Administered by:

Server stats:

#Supabase