
I mean this is generally repulsive, but please I beg of you, run this exclusively against a read-only replica. I mean, you should have one for exploratory queries _anyway_, but nobody ever does that.

"Validating the query to ensure it's safe and well-formed" all I can say to that is "ROFL. LMAO."




Yep. MCP is a project run by Anthropic (https://github.com/modelcontextprotocol) that "enables seamless integration between LLM applications and external data sources and tools."

They host a repo with lots of what they call "reference" implementations, including this one for postgres which naively takes a query from a request and shoves it at your database with no validation, escaping, anything: https://github.com/modelcontextprotocol/servers/blob/7d6cdb6...

There's an issue calling this out, and it's been labeled a bug, but still.

When you go to their documentation, the only example of actually building a server is this section where they just...use an LLM to build it. Here's their prompt:

> Build an MCP server that:
> - Connects to my company's PostgreSQL database
> - Exposes table schemas as resources
> - Provides tools for running read-only SQL queries
> - Includes prompts for common data analysis tasks

So, I think there's a fairly high chance that all of the "reference implementations" they're hosting are AI generated with basically no security considerations or code reviews made.


Thank you.

"AI Bot, summarize the number of logins this week broken down by email address and password hash".
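Added example, not written by any commenter and not taken from the MCP repository: it contrasts a string-level "is this query read-only?" check with read-only access enforced by the database connection, the approach the first comment asks for. SQLite opened with `mode=ro` stands in for a PostgreSQL read-only replica; the `logins` table, its rows, and all function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile

def make_db(path):
    """Create a constructed sample table (stand-in for production data)."""
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute("CREATE TABLE logins (email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO logins VALUES (?, ?)",
                     [("a@example.test", "hash-a"), ("b@example.test", "hash-b")])
    conn.close()

def naive_is_read_only(query):
    """Hypothetical string check: treat anything starting with SELECT/WITH as safe."""
    return query.lstrip().upper().startswith(("SELECT", "WITH"))

def run_generated_query(path, query, read_only):
    """Run model-generated SQL; return (status, rows left in logins)."""
    if read_only:
        # The database engine itself refuses writes on this connection.
        conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True, isolation_level=None)
    else:
        conn = sqlite3.connect(path, isolation_level=None)
    try:
        conn.execute(query).fetchall()
        status = "executed"
    except sqlite3.OperationalError as exc:
        status = f"rejected: {exc}"
    finally:
        conn.close()
    check = sqlite3.connect(path)
    remaining = check.execute("SELECT COUNT(*) FROM logins").fetchone()[0]
    check.close()
    return status, remaining

def demo():
    # A data-modifying statement that begins with WITH, so the string check passes it.
    query = "WITH t AS (SELECT 1) DELETE FROM logins"
    results = {"validator_accepts": naive_is_read_only(query)}
    with tempfile.TemporaryDirectory() as tmp:
        for label, read_only in (("read_only", True), ("read_write", False)):
            path = os.path.join(tmp, f"{label}.db")
            make_db(path)
            results[label] = run_generated_query(path, query, read_only)
    return results

if __name__ == "__main__":
    print(demo())
```

Read-only access protects integrity only; it does nothing about the third comment's scenario of reading `password_hash`, which needs column-level restrictions on the account the tool connects with.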



