
RLS is the answer here -- then injection attacks are confined to the rows that the user has access to, which is OK.

Performance attacks though will degrade the service for all, but at least data integrity will not be compromised.



> injection attacks are confined to the rows that the user has access to, which is OK

Is it? The malicious instructions would have to silently exfiltrate and collect data individually for each user as they access the system, but the end result wouldn't be much better.
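The confinement claimed in the first comment, shown with PostgreSQL row-level security. This is an added example, not posted by either commenter; the `notes` table, the `alice` and `bob` roles, the `notes_owner` policy and the rows are constructed, and it assumes each application user maps to its own database role.

```sql
-- Constructed roles and data; names are assumptions for this example.
CREATE ROLE alice NOLOGIN;
CREATE ROLE bob NOLOGIN;

CREATE TABLE notes (
    id    integer PRIMARY KEY,
    owner text    NOT NULL,
    body  text    NOT NULL
);
INSERT INTO notes (id, owner, body) VALUES
    (1, 'alice', 'alice: quarterly numbers'),
    (2, 'bob',   'bob: private draft');

GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO alice, bob;

-- Without a policy, an enabled table denies every row to non-owners.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted;
-- WITH CHECK rejects rows written on behalf of another owner.
CREATE POLICY notes_owner ON notes
    USING      (owner = current_user)
    WITH CHECK (owner = current_user);

-- Stand-in for a request served on alice's connection.
BEGIN;
SET LOCAL ROLE alice;

-- A WHERE clause widened by injection to an always-true predicate.
-- The policy is ANDed with it, so bob's row is never a candidate.
SELECT id, owner, body FROM notes WHERE body = '' OR 1 = 1;

-- An unscoped write is scoped the same way: only rows passing USING are touched.
UPDATE notes SET body = 'overwritten';

-- Writing a row for another owner violates WITH CHECK and raises an error.
INSERT INTO notes (id, owner, body) VALUES (3, 'bob', 'forged');
ROLLBACK;
```

Superusers and roles with `BYPASSRLS` skip policies entirely, and the table owner does too unless `FORCE ROW LEVEL SECURITY` is set, so the application must not connect as any of them. The policy limits what one session can reach; it does nothing about the same injected input running again in each user's own session, which is the objection raised in the reply.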



