by gku
136 days ago
API key exposed in client-side JavaScript X)

> We conducted a non-intrusive security review, simply by browsing like normal users. Within minutes, we discovered a Supabase API key exposed in client-side JavaScript, granting unauthenticated access to the entire production database - including read and write operations on all tables.

how is this even possible? wtf