mssql-mcp-server

Name: mssql-mcp-server
Author: stilllovee

by stilllovee

Overview

Provides a Model Context Protocol (MCP) server for interacting with Microsoft SQL Server databases, supporting various SQL operations and connection methods.

Installation

Run Command

npx github:stilllovee/mssql-mcp-server

Environment Variables

DB_CONNECTION_STRING
DB_SERVER
DB_DATABASE
DB_USER
DB_PASSWORD
DB_USE_WINDOWS_AUTH
DB_DRIVER
DB_ENCRYPT
DB_TRUST_SERVER_CERTIFICATE
USE_API_KEY_MAPPING
AZURE_STORAGE_CONNECTION_STRING
AZURE_TABLE_NAME

Security Notes

SQL injection is mitigated for parameterized queries using `request.input()`. The HTTP transport includes API key-based authentication with Azure Table Storage for multi-database support. However, `AzureTableStorageService.upsertConnectionConfig` stores database connection configurations, including passwords, as a JSON string without explicit server-side encryption. This means if a user adds an API key with a password, it will be stored in plaintext in Azure Table Storage, requiring users to handle encryption externally before storing sensitive data. The various `execute` methods (DQL, DML, DDL) rely on method-level validation, but a malicious actor with access to the tool can craft destructive queries if allowed by permissions.

Similar Servers

mssqlMCP

The SQL Server MCP (Model Context Protocol) Server enables AI assistants like GitHub Copilot within Visual Studio Code to interact with SQL Server databases, allowing for SQL query execution, detailed database metadata retrieval, and management of connections and security.

Other

$Medium