MCP_Server
by Subham-CB
Overview
Provides a natural language interface to query a relational database by generating and executing SQL through an AI model.
Installation
java -jar target/mcp_server-0.0.1-SNAPSHOT.jar
Environment Variables
- SPRING_DATASOURCE_URL
- SPRING_DATASOURCE_USERNAME
- SPRING_DATASOURCE_PASSWORD
- SPRING_AI_OPENAI_API_KEY
- MCP_ALLOWED_TABLES
Security Notes
The server attempts to mitigate SQL injection by whitelisting only 'SELECT' queries, explicitly banning DML/DDL statements, and validating referenced tables against an 'mcp.allowed.tables' configuration. However, a critical oversight is the lack of column-level access control; the 'allowedColumns' map is initialized but never used. This means that if the AI generates a query selecting sensitive columns from an allowed table, those columns would be exposed. The regex used for extracting table names is relatively simple and might not catch all complex SQL constructs, potentially allowing clever bypasses if the AI generates such a query. No direct 'eval' or similar patterns for arbitrary code execution were found, but the potential for unauthorized data exposure via SQL generation is a significant concern.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
nlp2sql
Converting natural language queries to optimized SQL for enterprise databases using multiple AI providers.
Dynamic-Smart-MCP
An intelligent FastMCP 2 server that converts natural language questions into SQL queries or API requests for any SQL database or OpenAPI-defined API using AI.
springboot-mcp-server
An AI-powered Spring Boot server for student management, demonstrating tool-use capabilities with an external large language model.