mcp-read-only-sql
Verified Safe by lukleh
Overview
Provides a secure, read-only SQL query interface to PostgreSQL and ClickHouse databases via the Model Context Protocol (MCP).
Installation
uv run python -m src.server
Environment Variables
- DB_PASSWORD_{CONNECTION_NAME_UPPER_WITH_UNDERSCORES}
- SSH_PASSWORD_{CONNECTION_NAME_UPPER_WITH_UNDERSCORES}
Security Notes
The server implements a three-layer security model: database-level read-only enforcement, query timeouts, and result size limits. SQL injection is mitigated by input sanitization (`sql_guard.py`) and explicit rejection of multi-statement queries. Subprocess execution (`psql`, `clickhouse-client`, `sshpass`) passes arguments without `shell=True`, preventing shell injection. Sensitive data (passwords) is primarily sourced from environment variables rather than stored in configuration files. The DBeaver importer contains hardcoded keys for decrypting DBeaver's default encrypted credentials; this is a minor detail specific to its import use case and not a general server vulnerability. Overall, the codebase demonstrates a strong focus on security best practices for database access.
Similar Servers
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.
pg-mcp
A read-only PostgreSQL server providing database information and query execution via the Model Context Protocol (MCP).
mcp-postgres
Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.
mssql-read-only-mcp
This server provides a lightweight, read-only interface for interacting with an MSSQL database, allowing users to list tables, describe their structure, and execute SELECT queries.