DB_MCP_SERVER
Verified Safe by ShivankarMehta
Overview
Provides a read-only interface to a MySQL database, allowing external agents to execute safe SELECT, SHOW, DESCRIBE, or EXPLAIN queries via the Model Context Protocol.
Installation
node index.js
Environment Variables
- MYSQL_DATABASE
- MYSQL_HOST
- MYSQL_PORT
- MYSQL_USER
- MYSQL_PASSWORD
Security Notes
The server includes a robust 'isReadOnlyQuery' function that whitelists allowed SQL commands (SELECT, SHOW, DESCRIBE, EXPLAIN) and blacklists dangerous keywords (INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, TRUNCATE, REPLACE, INTO OUTFILE, INTO DUMPFILE, LOAD_FILE). This significantly mitigates SQL injection risks for write/schema modification operations. The keyword check uses `includes()`, which can sometimes be overzealous and block legitimate read-only queries if a blacklisted keyword appears within a string literal (e.g., `SELECT 'insert'`), but this is a strict safeguard rather than a vulnerability. Environment variables are used for database credentials, preventing hardcoded secrets. The server uses StdioServerTransport, limiting direct network exposure for this specific component.
Similar Servers
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
mcp_sql_demo
Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.
mysql_mcp_server
This server provides a Model Context Protocol (MCP) interface to a MySQL database, enabling AI models to execute SQL queries and retrieve database schema information.
mysql-mcp-server
This server provides a FastMCP interface to interact with a MySQL database, allowing retrieval of database schema and execution of arbitrary SQL queries.