yii2-mcpserver
Verified Safeby strtob
Overview
Yii2 backend server providing token-based access to database tables and columns for LLM agents, including metadata, CRUD operations, and an admin GUI.
Installation
php yii serveSecurity Notes
The server demonstrates robust security features including token-based Bearer authentication, brute-force protection with progressive token locking and IP-based blocking, and rate limiting. All API requests are logged. Database interactions in `ToolsController` use parameterized queries, mitigating SQL injection risks. Column and table access are controlled by explicit permissions stored in `tbl_mcp_table` and `tbl_mcp_table_column`. No 'eval' or obvious obfuscation found. The admin GUI assumes an existing Yii2 user authentication system with permissions (e.g., 'mandates_see_all'), which is good practice for a module but implies external dependency for overall security context.
Similar Servers
php-mcp
Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).
symfony-mcp-server
Build intelligent AI agents by transforming Symfony applications into Model Context Protocol (MCP) servers, enabling LLM interaction with application logic, tools, prompts, and resources.
php-mcp-sdk
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
mcp-client-laravel
Laravel-native client for interacting with Model Context Protocol (MCP) servers to discover and call tools, and access resources for AI agents.