postgres-mysql-mcp-server
by TranChiHuu
Overview
A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.
Installation
npx postgres-mysql-mcp-server
Environment Variables
- DB_TYPE
- DB_HOST
- DB_PORT
- DB_DATABASE
- DB_USER
- DB_PASSWORD
- DB_SSL
- POSTGRES_HOST
- POSTGRES_PORT
- POSTGRES_DATABASE
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_SSL
- MYSQL_HOST
- MYSQL_PORT
- MYSQL_DATABASE
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_SSL
Security Notes
CRITICAL SQL Injection Vulnerability: The MySQL `describe_table` tool directly interpolates the `tableName` argument into the SQL query (`DESCRIBE ${tableName}`) without proper escaping (e.g., `mysql.escapeId` or using `connection.execute` with `??` placeholders). This allows a malicious `tableName` (e.g., `users; DROP TABLE sensitive_data;`) to execute arbitrary SQL commands. A similar risk exists for `list_tables` if the database name itself (from `DB_DATABASE` or `connect_database` parameters) could be injected. PostgreSQL queries appear to use parameterized queries correctly where applicable. The server correctly uses environment variables for credentials, mitigating hardcoded secret risks. SSL is supported for connections. However, the direct SQL injection for MySQL is a critical flaw.
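The difference between the interpolated query and a quoted-identifier query, as an added example that is not code from postgres-mysql-mcp-server. The function names and the knownTables allowlist are hypothetical; the quoting is a stand-alone backtick-doubling routine written for this example so that it runs without a database driver.

```javascript
// Added example: identifier handling for a MySQL DESCRIBE tool.
// All function names are hypothetical, not taken from the project.

// Pattern described in the note: the argument becomes part of the SQL text.
function buildDescribeUnsafe(tableName) {
  return `DESCRIBE ${tableName}`;
}

// Quote one MySQL identifier. Embedded backticks are doubled so the value
// cannot close the quoted identifier. Dots are kept as part of the name
// (no schema.table splitting), so callers pass a bare table name.
function quoteIdentifier(name) {
  if (typeof name !== "string" || name.length === 0 || name.length > 64) {
    throw new TypeError("identifier must be a string of 1 to 64 characters");
  }
  if (name.includes("\0")) {
    throw new TypeError("identifier must not contain NUL");
  }
  return "`" + name.replace(/`/g, "``") + "`";
}

// Hardened builder: optional allowlist check first, then quoting.
// Assumption: knownTables was loaded beforehand with a parameterized
// query against information_schema.tables for the connected database.
function buildDescribeSafe(tableName, knownTables) {
  if (knownTables && !knownTables.includes(tableName)) {
    throw new Error("unknown table: " + JSON.stringify(tableName));
  }
  return `DESCRIBE ${quoteIdentifier(tableName)}`;
}

// Constructed inputs; the first is the value quoted in the note above.
const samples = ["users", "users; DROP TABLE sensitive_data;", "a`b"];
for (const s of samples) {
  console.log("unsafe:", buildDescribeUnsafe(s));
  console.log("safe:  ", buildDescribeSafe(s));
}
```

With the allowlist supplied, the second and third inputs are rejected before any SQL text is built; without it, they are still confined to a single quoted identifier.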
Similar Servers
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
dx-mcp-server
Empowers AI applications to interact with and query a user-provided Postgres database via the Model Context Protocol (MCP).
postgresql-mcp
Provides a Model Context Protocol (MCP) server for Claude Code to interact with PostgreSQL databases through a set of read-only tools.
mcp_sql_demo
Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.