Mcp Based Database Query Execution With Read Only Enforcement

via “read-only sql query execution with safety defaults”

Query and explore PostgreSQL databases through MCP tools.

Unique: Implements read-only enforcement at the MCP server layer (not relying on database role restrictions), with explicit query validation before execution. This ensures safety even if the PostgreSQL user account has broader permissions.

vs others: Safer than direct database connections or REST APIs that expose write operations; more flexible than database-level read-only roles because it can be toggled per MCP server instance without modifying PostgreSQL permissions.

via “database integration and row-level security patterns for mcp”

This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workfl

Unique: Provides explicit patterns for row-level security and multi-tenancy in MCP database servers with parameterized queries, connection pooling, and authorization enforcement, rather than treating database access as a simple query wrapper

vs others: Addresses MCP-specific database security challenges (enforcing RLS for LLM-driven queries, multi-tenant isolation) that generic database access patterns don't cover, enabling safe exposure of sensitive data to LLMs

via “read-only mode enforcement for write operation prevention”

Provides Model Context Protocol (MCP) integration and tooling for Azure in Visual Studio Code.

Unique: Implements write-blocking at the MCP server boundary before operations reach Azure APIs, providing a hard security boundary that cannot be bypassed by agent prompting or client-side manipulation. Operates as a global toggle rather than per-tool configuration, simplifying deployment but reducing flexibility.

vs others: Simpler to configure than per-operation RBAC but less flexible than Azure's native RBAC; provides defense-in-depth by blocking writes at the MCP layer in addition to Azure's own permission checks.

via “read-only mode enforcement with write operation blocking”

A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API

Unique: Implements read-only enforcement at the tool registration layer, validating operation type before Graph API execution rather than relying on API-level permissions. Uses CLI flag and environment variable configuration for deployment flexibility.

vs others: More practical than API-level read-only because it prevents accidental writes at the application layer without requiring separate service principal setup. More auditable than relying on Graph API scopes because it's explicitly configured and logged.

via “controlled table data reading with row-level access limits”

A Model Context Protocol (MCP) server that enables secure interaction with MySQL databases

Unique: Enforces row-level access limits at the MCP protocol layer rather than relying on AI prompt instructions, using database-side LIMIT clauses to guarantee bounded data retrieval regardless of AI behavior or prompt injection attempts

vs others: More secure than exposing raw SQL execution to AI because limits are enforced by the database layer itself, not by client-side logic that could be bypassed through prompt manipulation

via “read-write capability gating with permission control”

Enhanced PostgreSQL MCP server with read and write capabilities. Based on @modelcontextprotocol/server-postgres by Anthropic.

Unique: Implements MCP-level query classification and gating to enforce read-only or read-write policies before execution, preventing LLMs from executing unintended mutations through a declarative policy model

vs others: Provides application-level permission control without requiring PostgreSQL role-based access control (RBAC) configuration, making it easier to deploy with existing databases

via “read-only query mode with write protection”

Enhanced PostgreSQL MCP server with read and write capabilities. Based on @modelcontextprotocol/server-postgres by Anthropic.

Unique: Implements write protection at the MCP server layer (not database-level permissions), allowing the same database user to have different access levels depending on the MCP configuration. Provides a simple on/off toggle for read-only mode.

vs others: Simpler than managing database-level roles and permissions for each LLM user, but less secure than true database-level access control.

via “dynamic query execution”

MCP server: sg-finance-data-mcp

Unique: Enables runtime query modifications through an MCP interface, providing greater flexibility compared to static query systems.

vs others: More adaptable than traditional query systems that require predefined queries and lack runtime flexibility.

via “write operation safety constraints”

Enhanced PostgreSQL MCP server with read and write capabilities. Based on @modelcontextprotocol/server-postgres by Anthropic.

Unique: Implements multi-level write constraints (read-only mode, table whitelisting, operation-level permissions) at the MCP handler level, allowing fine-grained control over LLM write access without requiring database-level role management

vs others: Provides application-level write safety constraints that are easier to configure and audit than database role-based access control, enabling rapid iteration on LLM agent permissions

via “read-only mode enforcement with configurable write operation restrictions”

** - Access and interact with Harness platform data, including pipelines, repositories, logs, and artifact registries.

Unique: Implements read-only mode as a startup configuration flag that conditionally registers write-capable toolsets, providing a simple but effective mechanism to prevent write operations in restricted environments. The implementation enforces read-only restrictions at the toolset registration level rather than per-operation, reducing complexity.

vs others: Provides simple read-only mode enforcement through startup flags, whereas fine-grained access control systems require complex permission management and per-operation authorization checks.

via “read-only query execution with configurable permission controls”

** - A Go implementation of a Model Context Protocol (MCP) server for Trino, enabling LLM models to query distributed SQL databases through standardized tools.

Unique: Implements query-level permission validation in the MCP server layer before queries reach Trino, providing defense-in-depth alongside database-level permissions. Uses configurable policy files to define allowed operations per schema/table, enabling fine-grained control without modifying Trino configuration.

vs others: More granular than Trino's native role-based access control because it operates at the MCP tool level, allowing per-query validation and LLM-friendly error messages. Simpler than implementing custom Trino plugins because it requires only configuration file changes, not Java development.

via “multi-database unified query execution via mcp protocol”

** (by Legion AI) - Universal database MCP server supporting multiple database types including PostgreSQL, Redshift, CockroachDB, MySQL, RDS MySQL, Microsoft SQL Server, BigQuery, Oracle DB, and SQLite

Unique: Uses Legion Query Runner abstraction to provide consistent query execution across 8 database systems with different SQL dialects and connection models, routing through FastMCP's DbContext state manager rather than requiring separate client libraries per database type

vs others: Unified MCP interface eliminates need for database-specific client management in AI agents, whereas alternatives like direct JDBC/psycopg2 require separate connection handling per database type

via “secure parameterized query execution with access control”

** - Provides AI assistants with a secure and structured way to explore and analyze data in [GreptimeDB](https://github.com/GreptimeTeam/greptimedb).

Unique: Implements MCP-level query validation and parameterization before GreptimeDB execution, with configurable timeout and result-set limits, preventing both malicious and accidental resource exhaustion from LLM-generated queries

vs others: Provides stronger isolation than direct database connections because the MCP server acts as a security boundary with query inspection and rate limiting, not just credential abstraction

via “rbac-gated sql query execution across multi-database backends”

** - An MCP server for securely (via RBAC) talking to on-premise and cloud MS SQL Server, MySQL, PostgreSQL databases and other data sources.

Unique: Implements RBAC at the MCP protocol layer with per-query policy enforcement across heterogeneous databases (SQL Server, MySQL, PostgreSQL), using DreamFactory's existing RBAC engine rather than building separate authorization logic — enables reuse of enterprise RBAC policies across AI agent interfaces

vs others: Stronger security posture than direct database connections or simple credential-passing because RBAC is enforced before query execution, not after, preventing agents from even constructing queries against unauthorized tables

via “read-only-safety-enforcement”

Anchord MCP is a hosted remote MCP server backed by the Anchord API. It helps AI agents resolve canonical customer identities, inspect linked records and targets, detect ambiguity, and evaluate proposed writes before acting. Anchord is read-only and never performs external writes.

Unique: Implements read-only enforcement at the MCP protocol layer, rejecting write requests before they reach Anchord's API. This prevents agents from even attempting writes, providing a hard safety boundary rather than relying on API-level permissions.

vs others: More secure than API-level read-only enforcement because it prevents write attempts at the protocol layer, reducing attack surface and ensuring agents cannot bypass restrictions through API manipulation or credential escalation.

via “select query execution”

Explore and query your MySQL database with ease. List tables, inspect table structures, and run SELECT queries to fetch results fast. Streamline debugging and analysis by getting schema details and data in one place.

Unique: Incorporates parameterized queries to enhance security and performance, ensuring safe data access directly from the model context.

vs others: More secure than traditional query execution methods due to built-in parameterization, reducing the risk of SQL injection.

via “read-only mode for safe experimentation”

Explore and query Neo4j graphs with Cypher. Discover schema, run read operations, and optionally execute writes. Toggle read-only mode for safer experimentation.

Unique: Provides a built-in toggle for read-only operations, enhancing safety during data exploration compared to standard query execution tools.

vs others: Offers a more user-friendly approach to safe experimentation than manual transaction management in Neo4j.

via “read-only sql query validation and execution”

** (by ergut) - Server implementation for Google BigQuery integration that enables direct BigQuery database access and querying capabilities

Unique: Combines query validation (blocking DML/DDL) with BigQuery's native 1GB processing limit to create a two-layer safety mechanism that prevents both data modification and cost overruns, implemented as middleware before query execution

vs others: More restrictive than BigQuery's native IAM (which can grant read-only roles) but more flexible because it allows selective query execution through LLM interfaces without requiring separate service accounts per user

via “read-only query execution”

A Model Context Protocol server that provides read-only access to MySQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.

Unique: Utilizes the Model Context Protocol to enforce read-only access, ensuring safe interactions with the database without risk of data corruption.

vs others: More secure than traditional database access methods as it prevents any write operations, making it ideal for sensitive data environments.

via “read-only sql query execution”

Access your MySQL databases securely and efficiently. List databases, tables, and execute read-only SQL queries without the risk of data modification. Simplify your database interactions with a robust, read-only interface.

Unique: Utilizes a secure connection protocol specifically designed for read-only access, preventing any accidental data modifications.

vs others: More secure than traditional database clients as it enforces read-only access at the connection level.