We’re considering allowing Cursor to connect to internal databases (SQL Server, MySQL, Mongo, Dynamo) via MCP, but our DBA and CISO are concerned about security risks.
Has anyone here enabled this in their org? How do you secure it — read-only roles, proxies, IP restrictions, secrets management, etc.?
Curious if MCP-based DB access is viewed as safe enough for enterprise environments or still too risky.
I’m building an open source solution for exactly this. Instead of raw SQL, you define a policy file with what tables/columns/relations/mutations are allowed — agents can still compose queries flexibly, but only within those boundaries.
Would love to hear what specific concerns your DBA/CISO raised. Happy to share what I’ve learned.
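The policy-bounded approach described in the reply above, written out as an added example (not code from the thread or from the poster's project): the agent submits a structured request instead of raw SQL, and a gate builds parameterized SQL only when the table, columns and operation are allowlisted. The policy layout, table names and request fields are assumptions made for illustration.

```python
# Added example: deny-by-default gate in front of an agent's database tool (constructed names).
POLICY = {
    "customers": {"ops": {"select"}, "columns": {"id", "region", "created_at"}, "max_rows": 100},
    "tickets": {"ops": {"select", "update"}, "columns": {"id", "customer_id", "status"}, "max_rows": 50},
}


class PolicyViolation(Exception):
    """Raised when a request falls outside the policy."""


def _check_columns(rule, table, names):
    # Membership in the allowlist is the only way a name reaches the SQL text.
    for name in names:
        if not isinstance(name, str) or name not in rule["columns"]:
            raise PolicyViolation(f"column not allowed: {table}.{name}")


def build_query(request, policy=POLICY):
    """Turn a structured request into (sql, params) or raise PolicyViolation."""
    table, op = request.get("table"), request.get("op")
    rule = policy.get(table) if isinstance(table, str) else None
    if rule is None:
        raise PolicyViolation(f"table not allowed: {table}")
    if op not in rule["ops"]:
        raise PolicyViolation(f"operation not allowed: {op} on {table}")
    filters = request.get("where", {})
    _check_columns(rule, table, filters)
    # Values never enter the SQL string; they travel as driver parameters
    # (%s is the MySQL-driver placeholder style, LIMIT is MySQL syntax).
    where = " AND ".join(f"{col} = %s" for col in filters)
    params = list(filters.values())
    if op == "select":
        columns = request.get("columns", [])
        if not columns:
            raise PolicyViolation("select needs an explicit column list")
        _check_columns(rule, table, columns)
        limit = max(1, min(int(request.get("limit", rule["max_rows"])), rule["max_rows"]))
        sql = f"SELECT {', '.join(columns)} FROM {table}"
        if where:
            sql += f" WHERE {where}"
        return f"{sql} LIMIT {limit}", params
    if op == "update":
        changes = request.get("set", {})
        if not changes or not filters:
            raise PolicyViolation("update needs both set and where")
        _check_columns(rule, table, changes)
        assignments = ", ".join(f"{col} = %s" for col in changes)
        return f"UPDATE {table} SET {assignments} WHERE {where}", list(changes.values()) + params
    raise PolicyViolation(f"unsupported operation: {op}")
```

A gate like this complements a least-privilege database role for the MCP server's connection; it does not replace one.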
Since the AI would use the DB as a user, you would hope that your DBA and CISO would have actually sorted out the security properly so that the AI - same as any other user - has all security controls properly set up?
Pay attention to who owns and operates the MCP server itself - if it’s some cloud thing, then yes - all your data will be visible to the service operators.