Exposed MCP servers across the internet

(www.knostic.ai)

78 points gepeto42 | 2 comments | 18 Jul 25 13:29 UTC | HN request time: 1.865s | source

Show context

john_minsk ◴[18 Jul 25 15:52 UTC] No.44606151[source]▶

Hmmm. I thought that's the idea of MCP server - give LLM an interface to use your service. Why would it require authentication? One of the tools could be to authenticate. Please destroy this position if I'm wrong.

replies(2): >>44606856 #>>44606927 #

1. victorbjorklund ◴[18 Jul 25 16:48 UTC] No.44606927[source]▶

>>44606151 #

That only makes sense if models were autonomously adding MCP servers and managing accounts themselves. Currently, users add MCP servers to their clients (like Cursor or Claude Desktop), so authentication should happen at that level. If the model handled auth, you'd still need to provide credentials to the LLM for it to provide it to the MCP server anyway. It's better to pass auth data as for example headers in requests - this way your credentials never get sent to the model provider (unless you're running locally).

replies(1): >>44608283 #

2. oceanplexian ◴[18 Jul 25 18:37 UTC] No.44608283[source]▶

>>44606927 (TP) #

Ironically, you could probably write an MCP server to give the model the capability to do exactly that.

↑