aligneurs-mcp-server
by Wesype
Overview
This server provides a Model Context Protocol (MCP) interface to query a PostgreSQL database containing aligner activity data, primarily for AI agents.
Installation
python server.py
Environment Variables
- DATABASE_PUBLIC_URL
- DATABASE_URL
- PORT
- DATABASE_HOST
- DATABASE_PORT
- DATABASE_NAME
- DATABASE_USER_NAME
- DATABASE_PASSWORD
Security Notes
CRITICAL SQL INJECTION VULNERABILITY: The `query_sql` tool directly executes SQL SELECT queries provided by the agent. Although it restricts queries to start with 'SELECT' or 'WITH', it does not use parameterized queries. This leaves it vulnerable to SQL injection if an agent (or a malicious user prompting the agent) provides specially crafted input (e.g., `SELECT * FROM activities WHERE patient_id = 123 OR 1=1;`), allowing unauthorized data access or manipulation.
CRITICAL HARDCODED CREDENTIALS: Several auxiliary scripts (`import_csv_to_postgres.py`, `import_csv_optimized.py`, `create_schema.py`, `setup_railway.sh`) within the repository contain hardcoded PostgreSQL credentials (password `UqtALrZoRLKifgxpMKUhVcfBYGOIdRDK`). While the main server uses environment variables, these scripts pose a significant security risk by exposing sensitive database access information.
Similar Servers
MCP-PostgreSQL-Ops
The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.
dx-mcp-server
Empowers AI applications to interact with and query a user-provided Postgres database via the Model Context Protocol (MCP).
mcp-postgres
Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.