undefined | Better HN

0 pointskiwicopple3y ago0 comments

These appear to be local credentials (supabase init, supabase start), but I'll reach out to the founders now to make sure everything is secure on their Production database/APIs. We are a GitHub secret scanning partner [0], so hopefully this was caught early.

---

For any other founders reading this, it's recommended to add a `SECURITY.md` to your repo before doing a ShowHN/LaunchHN. This can be exposed in your `.well-known` folder (eg: https://supabase.com/.well-known/security.txt). This will help with responsible disclosures.

[0] GitHub secret scanning: https://github.blog/changelog/2022-03-28-supabase-is-now-a-g...

0 comments

2 comments · 2 top-level

kanyethegreat3y ago

> Do not reveal the problem to others until it has been resolved,

sorry, probably shouldn't have pointed that out. noted for future reference.

aside: big fan of Supabase, Paul! it's a pleasure using it!

justintorre753y ago

This is exactly right, thanks a bunch for checking. Also, thanks for the note! We will add a SECURITY.md

j / k navigate · click thread line to collapse