mcp-mssql-server
by enzokamal
Overview
Connects to an MS SQL database to expose tables as resources and execute arbitrary SQL queries via an MCP (Multi-Modal Compute Platform) server.
Installation
python -m mssql_mcp_serverEnvironment Variables
- MSSQL_SERVER
- MSSQL_USER
- MSSQL_PASSWORD
- MSSQL_DATABASE
- MSSQL_PORT
- MSSQL_ENCRYPT
- MSSQL_COMMAND
- MODE
Security Notes
The `call_tool` function directly executes arbitrary SQL queries provided by the client via `cursor.execute(query)`, making it highly vulnerable to SQL injection and unauthorized database operations (read, write, delete, DDL) if exposed to untrusted input without additional, robust input sanitization and authorization layers. While environment variables are used for credentials (good practice), the core functionality of executing arbitrary SQL is a significant security risk. The `read_resource` function uses `validate_table_name` which helps prevent basic table name injection, but the `call_tool` functionality remains critical.
Similar Servers
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.
mssql-read-only-mcp
This server provides a lightweight, read-only interface for interacting with an MSSQL database, allowing users to list tables, describe their structure, and execute SELECT queries.
mssql-mcp-server
Provides an enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling schema discovery, data operations, profiling, and administration with strong governance controls.