database-query-server
Verified Safe by PawelK2012
Overview
A Go-based MCP server that provides a JSON-RPC API for executing SQL SELECT queries, prepared statements, and retrieving schema information for PostgreSQL databases.
Installation
make run
Environment Variables
- POSTGRES_USER
- POSTGRES_PW
- POSTGRES_DB
- PGADMIN_DEFAULT_EMAIL
- PGADMIN_DEFAULT_PASSWORD
Security Notes
The server uses parameterized queries (`ExecPrepared`, `GetSchema`, `GetStatus`), which effectively prevent SQL injection for these operations. For `execute_query`, there is an explicit check (`internal/utils/utils.go:CheckFirstWord`) to ensure the query starts with 'SELECT', significantly mitigating the risk of arbitrary DDL/DML execution. Environment variables are used for sensitive database credentials. Direct SQL execution for 'SELECT' queries still carries inherent risks, but the implemented controls greatly reduce the attack surface. No 'eval' or similar dangerous patterns are used.
Similar Servers
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
postgres-mysql-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query PostgreSQL and MySQL databases for schema introspection and data retrieval.
dx-mcp-server
Empowers AI applications to interact with and query a user-provided Postgres database via the Model Context Protocol (MCP).
pg-mcp
A read-only PostgreSQL server providing database information and query execution via the Model Context Protocol (MCP).