MCP_Server
by Subham-CB
Overview
Provides a natural language interface to query a relational database by generating and executing SQL through an AI model.
Installation
java -jar target/mcp_server-0.0.1-SNAPSHOT.jar
Environment Variables
- SPRING_DATASOURCE_URL
- SPRING_DATASOURCE_USERNAME
- SPRING_DATASOURCE_PASSWORD
- SPRING_AI_OPENAI_API_KEY
- MCP_ALLOWED_TABLES
Security Notes
The server attempts to mitigate SQL injection by whitelisting only 'SELECT' queries, explicitly banning DML/DDL statements, and validating referenced tables against an 'mcp.allowed.tables' configuration. However, a critical oversight is the lack of column-level access control; the 'allowedColumns' map is initialized but never used. This means that if the AI generates a query selecting sensitive columns from an allowed table, those columns would be exposed. The regex used for extracting table names is relatively simple and might not catch all complex SQL constructs, potentially allowing clever bypasses if the AI generates such a query. No direct 'eval' or similar patterns for arbitrary code execution were found, but the potential for unauthorized data exposure via SQL generation is a significant concern.
Similar Servers
nlp2sql
Converts natural language queries to optimized SQL for enterprise-scale databases, supporting multiple AI providers and robust schema management.
hello-spring-mcp-server
This server provides a set of tools for AI agents to query employee skills and retrieve employees based on specific skills from an in-memory dataset.
Dynamic-Smart-MCP
An intelligent FastMCP 2 server that converts natural language questions into SQL queries or API requests for any SQL database or OpenAPI-defined API using AI.
springboot-mcp-server
An AI-powered Spring Boot server for student management, demonstrating tool-use capabilities with an external large language model.