Security Considerations
Learn about security best practices for Database Tools MCP Server.
To ensure secure usage of the Database Tools MCP server, follow these best practices:
Network Security
- Access MCP server endpoints only over HTTPS.
- Ensure MCP clients can securely reach MCP server and IAM OAuth endpoints.
- When using private databases, configure network security groups and private endpoints to restrict access to trusted sources.
Credential and Secret Management
- Store database credentials securely using OCI Vault when using password-based authentication.
- Use resource principals or token-based authentication where possible to avoid managing long-lived credentials.
- Do not embed credentials directly in client configurations or code.
Token and Session Management
- Use short-lived OAuth access tokens to reduce exposure risk.
- Configure appropriate token expiration durations based on usage patterns.
- Reauthenticate users when tokens expire or are invalid.
Least Privilege Access
- Assign IAM application roles (such as MCP_User, MCP_Operator) based on user responsibilities.
- Restrict access to MCP toolsets and SQL reports using role-based controls.
- Limit database user privileges to only the operations required by the tools.
Tool and SQL Execution
- Prefer predefined and parameterized SQL (custom tools and SQL reports) over unrestricted ad-hoc SQL execution.
- Validate and review SQL and PL/SQL scripts used in MCP toolsets to prevent unintended data access or modification.
- Clearly define tool descriptions and parameters to guide correct usage by MCP clients and LLMs.