jewei-mssql-mcp-server
by jeweis
Overview
Provides a Model Context Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
Installation
uvx jewei-mssql-mcp-server
Environment Variables
- DB_HOST
- DB_USER
- DB_PASSWORD
- DB_NAME
- DB_PORT
- SERVER_NAME
Security Notes
CRITICAL SQL Injection Vulnerability: The `get_table_info` and `list_show_tables` functions construct SQL queries by inserting `table_name` and `schema` directly into the query text using f-strings, so malicious input for these parameters results in SQL injection. `execute_query` attempts to filter dangerous keywords, but this is a blacklist approach and is insufficient; critically, the filter does not protect the `get_table_info` and `list_show_tables` tools. Additionally, the default database password in `app_config.py` is an empty string, and the connection string specifies `encrypt=no` and `trusted_connection=no`, which are weaker security configurations.
Similar Servers
mssqlMCP
The SQL Server MCP (Model Context Protocol) Server enables AI assistants like GitHub Copilot within Visual Studio Code to interact with SQL Server databases, allowing for SQL query execution, detailed database metadata retrieval, and management of connections and security.
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.
mssql-mcp-server
Provides an enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling schema discovery, data operations, profiling, and administration with strong governance controls.
mssql-read-only-mcp
This server provides a lightweight, read-only interface for interacting with an MSSQL database, allowing users to list tables, describe their structure, and execute SELECT queries.