db-mcp
Verified Safe by neverinfamous
Overview
An enterprise-grade SQLite MCP server for database management, analytics, and AI-native operations with OAuth 2.0 authentication and granular access control.
Installation
docker run -i --rm -v $(pwd):/workspace writenotenow/db-mcp:latest --sqlite-native /workspace/database.db
Environment Variables
- DB_MCP_TOOL_FILTER
- DATABASE_URI
- SQLITE_DATABASE
- POSTGRES_URI
- MYSQL_URI
- MONGODB_URI
- REDIS_URI
- KEYCLOAK_URL
- KEYCLOAK_REALM
- KEYCLOAK_CLIENT_ID
- DBMCP_PORT
- DBMCP_OAUTH_ENABLED
Security Notes
The server implements robust security measures including: OAuth 2.0 authentication (RFC 9728/8414 compliant) with JWT validation and JWKS for signature verification; strict scope-based authorization; default restrictive CORS configuration; and extensive input validation (regex for table/column names) to prevent SQL injection. SQL queries predominantly use parameter binding, and logging sanitizes messages to prevent log injection. Strict TypeScript and ESLint configurations contribute to overall code quality and reduce potential vulnerabilities. No 'eval' or obfuscation patterns were observed. A point is deducted as some SQL string construction involves manual escaping rather than universally relying on parameter binding, though the implemented validation significantly mitigates this.
Similar Servers
genai-toolbox
MCP Toolbox for Databases is an open-source server that simplifies the integration of Generative AI agents with various database systems, handling complexities like connection pooling, authentication, and providing observability.
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
sqlite-mcp-server
Transforms SQLite into an AI-ready database engine with specialized tools for data analysis, JSON operations, text/vector search, and geospatial processing, integrating with MCP clients.
mcp-sqlite-tools
Enables LLMs to interact with and manage local SQLite databases, including read, write, schema, and transaction operations, with built-in security features.