MSSQL_MCP_Server-custom-fork-
by Winds-AI
Overview
Enables Large Language Models (LLMs) to interact with and query an MSSQL database using natural language.
Installation
npm startEnvironment Variables
- SERVER_NAME
- DATABASE_NAME
- READONLY
- CONNECTION_TIMEOUT
- REQUEST_TIMEOUT
- TRUST_SERVER_CERTIFICATE
- AZURE_AUTH_MODE
Security Notes
The `ReadDataTool` implements strong SQL injection prevention for SELECT queries, including keyword blocking, pattern matching, and disallowing multiple statements. However, `CreateTableTool`, `CreateIndexTool`, `InsertDataTool`, and `UpdateDataTool` are highly vulnerable to SQL injection. These tools directly interpolate critical user-provided inputs (such as table names, column names, column types, and especially the WHERE clause) into SQL queries without proper validation or parameterization. This allows an attacker to execute arbitrary SQL commands if `READONLY` is set to `false`.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
azure-cosmos-mcp-server-samples
Enables AI assistants (LLMs like Claude, Continue.dev) to interact with and query Azure Cosmos DB databases using natural language.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.
warp-sql-server-mcp
An MCP server for SQL Server, enabling AI assistants to securely interact with databases for schema discovery, data retrieval, query execution, performance monitoring, and optimization.