I would like to clarify a few things:
- I did not hack the site as Kyle has been making people think.
- The site was exposing user IPs due to a shitty vibe-coded update. This update made it so if you are logged in, you can only see the data you have added; however, if you are signed out, you can see all data. This includes the last_ip_address column in the database.
- Since this issue is now fixed, I can reveal that you could grab the IP addresses of every single user by making a single GET request to
- This does not count as hacking, bypassing or breaking into any systems; this was public information exposed by the very poorly set up database.
- This is also the perfect time to say that RLS is not good unless you can set it up absolutely perfectly, and having an offline database is way better since you're not exposing it to the internet at all.
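
Added example, not part of the original post and not the site's actual schema or policy: one way a row-level security policy can produce the behaviour described above (signed-in users see only their own rows, signed-out users see everything), next to a corrected form. It assumes PostgreSQL; the `profiles` table, the `anon` and `authenticated` roles and the `app.user_id` session setting are hypothetical names, and only `last_ip_address` comes from the post.

```sql
-- Constructed schema for illustration. Run as a superuser in a scratch database.
CREATE ROLE anon NOLOGIN;            -- hypothetical role for signed-out requests
CREATE ROLE authenticated NOLOGIN;   -- hypothetical role for signed-in requests

CREATE TABLE profiles (
    id              uuid PRIMARY KEY,
    display_name    text NOT NULL,
    last_ip_address inet
);
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE profiles FORCE ROW LEVEL SECURITY;  -- apply policies to the table owner too
GRANT SELECT ON profiles TO anon, authenticated;

-- WEAK: the "no session user" branch is true for every row, so a signed-out
-- request passes the policy for the whole table, while a signed-in request
-- is limited to its own row.
CREATE POLICY profiles_read_weak ON profiles FOR SELECT
    USING (
        NULLIF(current_setting('app.user_id', true), '') IS NULL
        OR id = NULLIF(current_setting('app.user_id', true), '')::uuid
    );

-- HARDENED, step 1: the policy applies only to the signed-in role and has no
-- NULL branch. With RLS enabled and no policy for anon, anon gets zero rows.
DROP POLICY profiles_read_weak ON profiles;
CREATE POLICY profiles_read_own ON profiles FOR SELECT TO authenticated
    USING (id = NULLIF(current_setting('app.user_id', true), '')::uuid);

-- HARDENED, step 2: column privileges as a second layer, so a future policy
-- mistake still cannot return last_ip_address to client-facing roles.
REVOKE SELECT ON profiles FROM anon, authenticated;
GRANT SELECT (id, display_name) ON profiles TO authenticated;

-- Regression checks to keep with the migration:
SET ROLE anon;
-- SELECT count(*) FROM profiles;           -- must fail: permission denied
RESET ROLE;
SET ROLE authenticated;
SELECT count(*) FROM profiles;              -- 0 when app.user_id is unset
-- SELECT last_ip_address FROM profiles;    -- must fail: permission denied
RESET ROLE;
```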