MCP-SERVER
by sparsh3104
Overview
A stateless, multi-tenant Model Context Protocol (MCP) server that exposes MySQL database operations as callable tools over various transports.
Installation
python server.py --transport httpEnvironment Variables
- MCP_API_KEYS
- MYSQL_HOST
- MYSQL_PORT
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_DB
- TENANT_{ID}_DB
- MCP_HOST
- MCP_PORT
Security Notes
CRITICAL SQL INJECTION VULNERABILITIES: The `run_select_impl` function directly executes user-provided SQL queries, allowing for arbitrary SQL injection. Furthermore, `get_table_schema_impl` and `insert_row_impl` construct SQL queries using f-strings with user-provided `table_name` and `row` dictionary keys (for column names) without proper escaping for identifiers, which could also lead to SQL injection. This makes the server highly vulnerable to malicious database operations.
Similar Servers
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
postgres-mysql-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.
mcp_sql_demo
Provides secure, multi-database access for LLMs to inspect MySQL schemas and execute SQL queries, supporting both read and configurable write operations with fine-grained schema-specific permissions.
mysql_mcp_server
This server provides a Model Context Protocol (MCP) interface to a MySQL database, enabling AI models to execute SQL queries and retrieve database schema information.