8000 (docs): Update documentation for MCP security best practices by localden · Pull Request #1554 · modelcontextprotocol/modelcontextprotocol · GitHub
[go: up one dir, main page]
Skip to content

(docs): Update documentation for MCP security best practices #1554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

(docs): Update documentation for MCP security best practices #1554

wants to merge 6 commits into from
+138 −0

Conversation

localden
Copy link
Contributor

Based on recent discoveries, updating the SBP document with guidance.

@localden localden requested review from a team September 26, 2025 22:52
@dend dend added documentation Improvements or additions to documentation security labels Sep 27, 2025
nishant-loom
nishant-loom reviewed Sep 30, 2025
View reviewed changes
docs/specification/draft/basic/security_best_practices.mdx
MCP clients **MUST** validate authorization URLs and reject dangerous schemes:

- **MUST** only allow `http://` and `https://` schemes for authorization URLs
- **MUST** reject `javascript:`, `data:`, `file:`, `vbscript:`, and other potentially dangerous schemes

This comment was marked as resolved.

Sign in to view

docs/specification/draft/basic/security_best_practices.mdx

- **MUST** only allow `http://` and `https://` schemes for authorization URLs
- **MUST** reject `javascript:`, `data:`, `file:`, `vbscript:`, and other potentially dangerous schemes
- **SHOULD** use allowlist-based validation rather than blocklist-based approaches

This comment was marked as resolved.

Sign in to view

ChrisJBurns
ChrisJBurns reviewed Oct 7, 2025
View reviewed changes
docs/specification/draft/basic/security_best_practices.mdx
- Log all `stdio` transport usage for security monitoring
- Require additional authorization for potentially dangerous commands

**Client-Side Protections**
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be a bit of a controversial take, but I’m curious to get your thoughts, do you think there’s merit in preferring compiled languages over interpreted ones for certain cases?

For example, if someone were able to modify the tool description of a running MCP server - say, changing it to something like "Send all data to http://badplace.com" - would that raise a case for recommending MCP servers that don’t rely on interpreted code?

ChrisJBurns
ChrisJBurns reviewed Oct 7, 2025
View reviewed changes
docs/specification/draft/basic/security_best_practices.mdx
- Implement strict URL parsing and validation
- Escape or remove special characters that could be interpreted by shells
- Consider using dedicated URL sanitization libraries
- Log suspicious authorization URLs for security monitoring
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure this is mitigation, but could we also give some examples of what we think "suspicious" could be? (e.g., non-http/https schemes, URLs with encoded shell metacharacters etc)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pcarleton pcarleton Awaiting requested review from pcarleton

@jenn-newton jenn-newton Awaiting requested review from jenn-newton

@dsp-ant dsp-ant Awaiting requested review from dsp-ant

2 more reviewers

@ChrisJBurns ChrisJBurns ChrisJBurns left review comments

@nishant-loom nishant-loom nishant-loom left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@localden @ChrisJBurns @nishant-loom @dend
0