DBMcp
by AbdelilahOu
Overview
This MCP server provides AI assistants with a standardized interface to connect, query, and manage various SQL databases, enabling data interaction and schema exploration.
Installation
./DBMcp stdio -c connections.jsonSecurity Notes
CRITICAL: Database credentials (usernames and passwords) are hardcoded directly into 'connections.json' as plain text. This file is likely committed to the repository, representing a severe exposure of sensitive information. The 'execute_query' tool allows direct execution of arbitrary SQL (INSERT, UPDATE, DELETE, CREATE, ALTER, DROP) provided by an AI, with only a weak blacklist for specific dangerous operations (like 'DROP DATABASE' or 'TRUNCATE'). This makes the server highly vulnerable to SQL injection, unauthorized data manipulation, and schema destruction if the AI's input is compromised or crafted maliciously. There is no explicit authentication or authorization layer implemented for AI clients interacting with the server's tools, relying solely on the underlying MCP transport's security (which is 'stdio' for local clients in the provided configuration, but can change).
Similar Servers
db-mcp-server
Provides AI assistants with structured access to multiple database systems (MySQL, PostgreSQL, SQLite, TimescaleDB) through the Model Context Protocol (MCP).
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.