mysqltuner_mcp
by isdaniel
Overview
A Model Context Protocol (MCP) server for MySQL performance tuning and analysis.
Installation
python -m mysqltuner_mcp
Environment Variables
- MYSQL_URI
- MYSQL_POOL_SIZE
- MYSQL_SSL
- MYSQL_SSL_CA
- MYSQL_SSL_CERT
- MYSQL_SSL_KEY
- MYSQL_SSL_VERIFY_CERT
- MYSQL_SSL_VERIFY_IDENTITY
Security Notes
The `UserPrivilegesToolHandler` has a SQL injection vulnerability. Specifically, methods like `_get_user_privileges` construct SQL queries using f-strings that embed the `username` and `hostname` values directly into the `WHERE` clause without escaping or parameterization (e.g., `WHERE User = '{username}' AND Host = '{hostname}'`). This allows an attacker to inject arbitrary SQL if they can control these inputs, potentially leading to unauthorized data access or manipulation. While most queries use parameterized statements via `SqlDriver`, this specific pattern bypasses that protection. No usage of `eval` or direct obfuscation was found. Database connection configuration, including SSL/TLS, is handled securely via environment variables and the standard Python `ssl` module.
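The f-string pattern described above next to its parameterized form, as an added example that is not code from mysqltuner_mcp. It assumes an in-memory `sqlite3` table as a constructed stand-in for `mysql.user` so it runs offline; the function names are hypothetical, and MySQL drivers such as PyMySQL use `%s` placeholders where `sqlite3` uses `?`.

```python
import sqlite3

def make_demo_db():
    """Constructed stand-in for mysql.user (sqlite3, so the demo runs offline)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (User TEXT, Host TEXT, Super_priv TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [("app", "10.0.0.%", "N"),
         ("o'brien", "localhost", "N"),
         ("root", "localhost", "Y")],
    )
    return conn

def get_privileges_fstring(conn, username, hostname):
    # Pattern from the security note: the values become part of the SQL text,
    # so a quote character inside them changes the structure of the query.
    query = (f"SELECT User, Host, Super_priv FROM user "
             f"WHERE User = '{username}' AND Host = '{hostname}'")
    return conn.execute(query).fetchall()

def get_privileges_parameterized(conn, username, hostname):
    # Hardened form: the SQL text is constant and the values are bound
    # separately, so they are only ever compared as data.
    query = "SELECT User, Host, Super_priv FROM user WHERE User = ? AND Host = ?"
    return conn.execute(query, (username, hostname)).fetchall()

def fstring_breaks_on_legit_quote(conn):
    # A legitimate account name containing a quote is enough to break the
    # f-string query, which is a cheap signal when reviewing or testing.
    try:
        get_privileges_fstring(conn, "o'brien", "localhost")
        return False
    except sqlite3.OperationalError:
        return True

# Constructed input: the hostname closes the string literal and appends a
# condition that is always true.
CRAFTED_HOST = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_demo_db()
    print("f-string     :", get_privileges_fstring(db, "nobody", CRAFTED_HOST))
    print("parameterized:", get_privileges_parameterized(db, "nobody", CRAFTED_HOST))
    print("quote in name breaks f-string:", fstring_breaks_on_legit_quote(db))
    print("quote in name, parameterized :",
          get_privileges_parameterized(db, "o'brien", "localhost"))
```

With the crafted hostname the f-string query returns every row in the table, while the parameterized query returns none because no account has that literal host value.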
Similar Servers
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
mysql-mcp-server
Acts as a read-only MySQL server proxy that exposes database introspection and query execution tools to AI clients via the Model Context Protocol (MCP) or a REST API.
mysql-mcp
Provides an MCP (Model Context Protocol) server for MySQL, enabling AI agents to programmatically interact with and manage MySQL databases.
mcp_sql_demo
Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.