top | item 46691785

(no title)

gregoriol | 1 month ago

Why in the hell would it be able to access a _remote_ database?! In no acceptable dev environment would someone be able to access that.

discuss

heartbreak|1 month ago

Everywhere I’ve ever worked, there was always some way to access a production system even if it required multiple approvals and short-lived credentials for something like AWS SSM. If the user has access, the agent has access, no matter how briefly.

gregoriol|1 month ago

Not if you require auth with a Yubikey, not if you run the LLM client inside a VM which doesn't have your private ssh key, ...

prodigycorp|1 month ago

Supabase virtually encouraged it last year haha. I tried using it once and noped out after using it for an hour, when claude tried to do a bunch of migrations on prod instead of dev.

https://web.archive.org/web/20250622161053/https://supabase....

Now, there are some actual warnings. https://supabase.com/docs/guides/getting-started/mcp#securit...

kaydub|1 month ago

I think LLMs are exposing how slapdash many people work when building software.