Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's crazy that, after all our experience with this, we're implementing another protocol that doesn't have any auth built in.

You'd think the last 30+ years of regret and hacky attempt to add auth to email and http (as just the top two to come to mind) hadn't happened.



I think the reason is that MCP also works over a pipe (stdio), which does not need authentication.


It doesn't need it if this vulnerability is the only one you're worried about (remote websites), but it'd be nice to have it before letting it use e.g. your Github account. This is how VS Code extensions work, for example, and it's pretty nice




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: