jbz
jbz boosted
activity timestamp last week

💧 Supabase MCP can leak your entire SQL database

「 The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. At the same time, it reads customer-submitted messages as part of its input. If one of those messages contains carefully crafted instructions, the assistant may interpret them as commands and execute SQL unintentionally 」

https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/

#supabase #databreach#mcp #sql

maco
maco boosted
Boyd Stephen Smith Jr.
@BoydStephenSmithJr@hachyderm.io  ·  activity timestamp 2 weeks ago

I want to be your next #FediHire ! I've been a programmer since 1985 (as a child), I've been an IT professional since 1995 (pulling wires and swapping cards and configuring MS Windows). I graduated from University of Arkansas Fayetteville with a BS in CS in December of 2003. A full resume is available.

I currently require a 100% remote position. I cannot relocate from Cove, #Arkansas. I would prefer W-2 employment with a base salary of at least 130k USD/yr, plus some sort of retirement offering (401k or similar) and healthcare benefits (HDCP + HSA or similar).

I prefer something where I can be a high-performing individual contributor: reading, writing and improving source text the majority of my day, with some time spent knowledge-sharing with other developers -- learning and teaching. I'd like to work with #Haskell, #Purescript, or #Idris as the primary source language. I've previously delivered value in Haskell, #Javascript, #SQL, #Python, #Scala, #Java, #C, and #C++ among others. I can be productive in almost any language (no PHP, please; I promised myself never again).
argv minus one
@argv_minus_one@mastodon.sdf.org  ·  activity timestamp 3 weeks ago

I'm told that the purpose of #SQL was to allow people to query the #database without needing to concern themselves with how exactly the database works. Just ask it for what you want, and let it figure out how to make it happen.

Except…if the database isn't indexed appropriately for your query, it'll be slow, so you still do need to know how the database works. 🤔

I wonder if RDBMSes should automatically create indexes as needed? But there's probably a reason why they don't.
Jonathan Lamothe
@me@social.jlamothe.net  ·  activity timestamp 4 months ago

I am in urgent job search mode, so I'm gonna throw this out here and see if anything comes of it.

I am a #Canadian, fluent in both #English and #French. I have experience with several programming languages. My strongest proficiency is with #Haskell and #C. I also have a reasonable grasp of #HTML, #JavaScript, #SQL, #Python, #Lua, #Linux system administration, #bash scripting, #Perl, #AWK, some #Lisp (common, scheme, and emacs), and probably several others I've forgotten to mention.

I am not necessarily looking for something in tech. I just need something stable. I have done everything from software development, to customer support, to factory work, though my current circumstances make in-person work more difficult than remote work. I have been regarded as a hard worker in every job I have ever held.

#GetFediHired