mcp-server-sql-tool
by Ashafaatadhis
Overview
A NestJS backend server providing API endpoints for user initialization and executing user-defined SQL queries against a PostgreSQL database with security guards.
Installation
npm run start:prod
Environment Variables
- DATABASE_URL
- NODE_ENV
- SQL_STATEMENT_TIMEOUT_MS
- SQL_MAX_LIMIT
Security Notes
The server exposes an endpoint to execute arbitrary SQL queries provided by the user, which is inherently high-risk. While a `SqlGuard` is implemented to blacklist dangerous keywords (e.g., INSERT, UPDATE, DELETE, DROP, ALTER, CREATE) and enforce SELECT/WITH statements, such regex-based blacklisting can often be bypassed by sophisticated attackers. The use of `SET LOCAL search_path` based on a sanitized `telegram_id` provides a degree of schema isolation, but its effectiveness relies heavily on the `telegram_id` being correctly sanitized and the database's user/schema permissions being meticulously configured. Direct execution of user-supplied SQL strings via `client.query(q)` (even after validation) is less safe than using parameterized queries with a robust SQL parser. No hardcoded secrets were found; sensitive configurations are managed via environment variables.
Similar Servers
langgraph-dev-navigator
Provides a RAG and Knowledge Graph powered backend for grounding AI coding assistants in the LangGraph ecosystem, improving code generation accuracy and reducing hallucinations.
mcp_ohmy_sql-project
A Model Context Protocol (MCP) server that connects AI assistants to various SQL databases, providing intelligent query optimization, schema introspection, and secure, token-efficient data interaction.
polarbase
Extensible open-source data backend for PostgreSQL with a multi-view UI (spreadsheet), AI agent integration via MCP, and real-time capabilities.
ai-specs
This server provides a backend API for an Applicant Tracking System (ATS), primarily focusing on managing job positions and candidates within an AI-assisted development context.