mcp-server
by RafaPan04
Overview
This server provides a Model Context Protocol (MCP) interface to a PostgreSQL database, allowing clients (e.g., AI models) to query the database and retrieve table schemas via defined tools.
Installation
npm start
Environment Variables
- DATABASE_URL
- POSTGRES_USER
- POSTGRES_HOST
- POSTGRES_DB
- POSTGRES_PASSWORD
- POSTGRES_PORT
- PORT
Security Notes
CRITICAL SQL INJECTION VULNERABILITY: The `query_database` tool executes the `args.query` parameter directly (`pool.query(args.query)` in `src/tools/queryDatabase.ts`) without any sanitization or parameterization. This allows an attacker to inject arbitrary SQL commands, potentially leading to data exfiltration, modification, deletion, or even remote code execution, depending on the database configuration. This severe vulnerability makes the server unsafe to run with untrusted input. No hardcoded secrets were found, as the database configuration uses environment variables.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
MCP-PostgreSQL-Ops
The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.
dx-mcp-server
Empowers AI applications to interact with and query a user-provided Postgres database via the Model Context Protocol (MCP).