
edit: updated my comment because I realized I was thinking of something else. What you're saying is something like the LLM only has 5 preset queries to choose from and can supply the params but does not create a SQL statement on its own. I can see how that would prevent SQL injection.


Whitelisting the five queries would prevent SQL injection, but also prevent it from being useful.
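
The scheme discussed in the comments above, as an added example that is not code from the thread: the model may only name one of a fixed set of queries and supply parameters, which are bound rather than spliced into the SQL text. The `orders` table, the query ids and the `run_preset` helper are assumptions made for illustration.

```python
import sqlite3

# Hypothetical allowlist: query id -> (fixed SQL text, expected parameter types).
PRESET_QUERIES = {
    "orders_by_customer": (
        "SELECT id, total FROM orders WHERE customer = :customer ORDER BY id",
        {"customer": str},
    ),
    "orders_over_total": (
        "SELECT id, customer FROM orders WHERE total > :min_total ORDER BY id",
        {"min_total": (int, float)},
    ),
}

def run_preset(conn, call):
    """Execute a model-issued call of the form {"query": id, "params": {...}}."""
    if not isinstance(call, dict) or call.get("query") not in PRESET_QUERIES:
        raise ValueError("unknown query id")
    sql, spec = PRESET_QUERIES[call["query"]]
    params = call.get("params")
    if not isinstance(params, dict) or set(params) != set(spec):
        raise ValueError("unexpected parameter set")
    for name, typ in spec.items():
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(params[name], bool) or not isinstance(params[name], typ):
            raise ValueError(f"bad type for {name}")
    # Values are bound by the driver, never concatenated into the SQL text.
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    conn.executemany("INSERT INTO orders (customer, total) VALUES (?, ?)",
                     [("alice", 20.0), ("bob", 75.5), ("alice", 120.0)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(run_preset(db, {"query": "orders_by_customer", "params": {"customer": "alice"}}))
    # Constructed hostile value: bound as a plain string, so it matches no rows.
    print(run_preset(db, {"query": "orders_by_customer",
                          "params": {"customer": "alice' OR '1'='1"}}))
```

The dispatcher rejects anything that is not a known query id with exactly the expected parameters, so text the model emits never becomes SQL; the trade-off raised in the reply is visible too, since any question outside the preset list cannot be asked.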



