PG_SQL_MCP_SERVER

Verified Safe

by TomerGutman1

Overview

Production-ready PostgreSQL server supporting both MCP and A2A protocols for secure, read-only database access.

Installation

Run Command
docker-compose up -d

Environment Variables

  • DB_HOST
  • DB_PORT
  • DB_USER
  • DB_PASSWORD
  • DB_NAME
  • SECRET_KEY

Security Notes

The server layers several strong security controls: SQL guardrails that block DDL/DML operations and common injection patterns (such as `DROP`, `DELETE`, and `pg_read_file`); Role-Based Access Control (RBAC) with granular permissions on databases, schemas, and tables; and automatic row limiting and query timeouts. It supports various SSL/TLS modes for secure connections. Audit logging is comprehensive, and the configuration explicitly warns against hardcoded default secrets in production, recommending environment variables instead. `sqlglot` is used for robust SQL parsing, but a regex-based fallback exists for table extraction; this is a minor theoretical weakening compared to pure AST parsing, though the fallback is still guarded by the overall validation. The project also provides explicit instructions on production security hardening (e.g., reverse proxy, secrets management).

Stats

  • Interest Score: 0
  • Security Score: 9
  • Cost Class: Medium
  • Avg Tokens: 750
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-11-24

Tags

PostgreSQL, Database, MCP, A2A, Security, Observability