by kiwicopple
1187 days ago
These appear to be local credentials (supabase init, supabase start), but I'll reach out to the founders now to make sure everything is secure on their Production database/APIs. We are a GitHub secret scanning partner [0], so hopefully this was caught early.

---

For any other founders reading this, it's recommended to add a `SECURITY.md` to your repo before doing a ShowHN/LaunchHN. This can be exposed in your `.well-known` folder (e.g. https://supabase.com/.well-known/security.txt). This will help with responsible disclosures.

[0] GitHub secret scanning: https://github.blog/changelog/2022-03-28-supabase-is-now-a-g...

sorry, probably shouldn't have pointed that out. noted for future reference.
aside: big fan of Supabase, Paul! it's a pleasure using it!