Well, this is the very nature of MCP servers. Useful for development, but it should be quite obvious that you shouldn't grant a production MCP server full access to your database. It's basically the same as exposing the db server to the internet without auth. And of course there's no security in prompting the LLM not to do bad stuff. The only way to do this right in production is having a separate user and database connection for the MCP server that only has access to the things it should.
replies(1):