mssql-read-only-mcp
Verified Safeby coston
Overview
This server provides a lightweight, read-only interface for interacting with an MSSQL database, allowing users to list tables, describe their structure, and execute SELECT queries.
Installation
npx -y mssql-read-only-mcpEnvironment Variables
- SERVER_NAME
- DATABASE_NAME
- SQL_USER
- SQL_PASSWORD
- SQL_PORT
- TRUST_SERVER_CERTIFICATE
- CONNECTION_TIMEOUT
Security Notes
The server explicitly enforces read-only operations for all tools by validating that queries start with 'SELECT' and checking for dangerous keywords ('INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE', 'ALTER', 'TRUNCATE', 'EXEC', 'EXECUTE'). It also prevents multiple statements. Parameterized queries are used for 'list_table' and 'describe_table' to prevent SQL injection for structured inputs. While the 'read_data' tool accepts raw SQL, its sanitization efforts, including a 10,000 row limit, significantly mitigate common injection and denial-of-service risks. Credentials are handled via environment variables, not hardcoded.
Similar Servers
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.
pg-mcp
Serves as a Model Context Protocol (MCP) server providing read-only PostgreSQL database access and introspection tools.
mcp-postgres
Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.
mysql-mcp-server
Provides a programmatic interface for interacting with a MySQL database, enabling schema retrieval and arbitrary SQL query execution through an MCP server.