Skip to content

Summary & Hotspots

11. Summary & Security Hotspots

This section summarizes the key security findings and highlights the most critical areas (hotspots) requiring careful attention during implementation and deployment of MCP Clients and Servers.

11.1. Key Findings Summary

  • Trust Boundaries are Key: Security posture heavily depends on controls at boundaries (User<->Client, Client<->Server, Server<->External).
  • Server-Side Validation is Crucial: Servers MUST validate all client input (URIs, tool args, prompt args) to prevent injection, traversal, etc.
  • Client Consent is Paramount: Features like tools/call and especially sampling REQUIRE robust, non-bypassable user consent flows in the client.
  • Tools == High Risk: The tools/call mechanism introduces significant risk (code execution); requires strict validation, least privilege, and user consent.
  • Transport Security is Foundational: Unsecured transports undermine all other security efforts.
  • Logging Needs Care: Logging (via notifications/message or locally) can leak sensitive data if not filtered/masked.
  • Capability Negotiation is Nuanced: Relying solely on declared capabilities for security decisions is unsafe.

11.2. Security Hotspots & Recommendations

  1. Tool Implementation (tools/call):

    • Risk: Arbitrary Code Execution, EoP, Tampering.
    • Recommendation: HIGHEST PRIORITY. Implement strict input validation (schema + value constraints). Apply least privilege; avoid shell execution if possible. Sanitize outputs. Consider sandboxing. Mandate Client-side user confirmation.
    • (See Section 4.3, Section 7.3, Section 9.2, Section 9.6)

  2. Resource Access (resources/read):

    • Risk: Path Traversal, Information Disclosure.
    • Recommendation: Implement rigorous URI validation and canonicalization on the server before filesystem access. Ensure paths are confined to allowed roots. Enforce authorization.
    • (See Section 4.2, Section 7.2, Section 9.4)

  3. Client Consent Implementation (sampling/createMessage, tools/call):

    • Risk: EoP (Server acting as user via Client), Information Disclosure (from Client context).
    • Recommendation: Clients MUST implement clear, non-bypassable user confirmation dialogs displaying all relevant information (full prompt, tool name/args). Securely log consent decisions.
    • (See Section 4.5, Section 6.1, Section 7.5, Section 9.6)

  4. Transport Security & Authentication:

    • Risk: Spoofing, Tampering, Information Disclosure.
    • Recommendation: MANDATE TLS (HTTPS/WSS) with certificate validation for non-local connections. Implement strong authentication where appropriate (e.g., OAuth 2.1).
    • (See Section 3.3, Section 6.2, Section 9.1, Section 9.2)

  5. Logging Practices:

    • Risk: Information Disclosure (credentials, PII).
    • Recommendation: Filter/mask sensitive data before logging. Use appropriate log levels. Secure log transport and storage.
    • (See Section 4.7, Section 7.8, Section 9.4)

  6. Input Size Limits & Rate Limiting:

    • Risk: Denial of Service.
    • Recommendation: Implement application-level limits on request/parameter sizes and request frequency.
    • (See Section 7.8, Section 9.5, Section 9.5)