search

benborla / mcp-server-mysql

A Model Context Protocol server that provides read-only access to MySQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.
MIT License
502 stars 74 forks source link

Unable to use blank mysql password #40

Closed robbielove closed 3 weeks ago

robbielove commented 1 month ago

Describe the bug
Out of the box, it's impossible to use a MySQL user with a blank password in @benborla29/mcp-server-mysql without manually modifying the source code.

The issue is caused by this line in index.js:

password: process.env.MYSQL_PASS || 'root',

This incorrectly falls back to 'root' whenever MYSQL_PASS is set to an empty string (""), since "" || 'root' resolves to 'root' in JavaScript. This means setting:

MYSQL_PASS=""

...will still result in a connection attempt using the password "root", leading to this error:

Error: Access denied for user 'root'@'localhost' (using password: YES)

Platform
Claude Desktop (but this applies generally to any environment trying to use the MCP server with a blank MySQL password).

MCP Configuration

{
  "mcpServers": {
    "mcp_server_mysql": {
      "command": "/opt/homebrew/bin/node",
      "args": [
        "/opt/homebrew/lib/node_modules/@benborla29/mcp-server-mysql/dist/index.js"
      ],
      "env": {
        "MYSQL_HOST": "127.0.0.1",
        "MYSQL_PORT": "3306",
        "MYSQL_USER": "root",
        "MYSQL_PASS": "",
        "MYSQL_DB": "chargenationcrm",
        "ALLOW_INSERT_OPERATION": "false",
        "ALLOW_UPDATE_OPERATION": "false",
        "ALLOW_DELETE_OPERATION": "false"
      }
    }
  }
}

Additional context
This is made significantly more frustrating by the fact that MySQL connection errors are not bubbled up or logged. The process exits with code 1, but there's no output explaining the failure unless the user manually adds console.error to the MCP server source code.

Expected behavior:

This took significant effort to debug due to lack of logs and poor fallback handling - would love to see this fixed.

robbielove commented 1 month ago 
        password: process.env.MYSQL_PASS !== undefined ? process.env.MYSQL_PASS : 'root',

on line 211 in index.ts will resolve this issue

The issue with the original code:

password: process.env.MYSQL_PASS || 'root',

is that it treats an empty string ("") as falsy, so it defaults to 'root' even when MYSQL_PASS is set to an empty string. The fix:

password: process.env.MYSQL_PASS !== undefined ? process.env.MYSQL_PASS : 'root',

ensures that if MYSQL_PASS is defined (even as an empty string), it will be used as the password. If MYSQL_PASS is undefined, it falls back to 'root'. This resolves the bug where blank passwords were being replaced by 'root'.

benborla commented 1 month ago

Hi, thank you for reporting, I will work on this.

benborla commented 3 weeks ago

This should be fixed now with the latest version.