Skip to content

Commit bc4fa12

Browse files
blvablva
committed
update
1 parent 3e07f20 commit bc4fa12

File tree

1 file changed

+14
-21
lines changed

1 file changed

+14
-21
lines changed

README.md

Lines changed: 14 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -230,6 +230,20 @@ With Atlas API credentials:
230230

231231
#### Option 6: Running as an HTTP Server
232232

233+
> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**
234+
235+
The server supports Streamable HTTP transport for remote connections.
236+
237+
**Required Security Measures:**
238+
239+
- Implement authentication (e.g., API gateway, reverse proxy)
240+
- Use HTTPS/TLS encryption
241+
- Deploy behind a firewall or in private networks
242+
- Implement rate limiting
243+
- Never expose directly to the internet
244+
245+
For more details, see [MCP Security Best Practices](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations).
246+
233247
You can run the MongoDB MCP Server as an HTTP server instead of the default stdio transport. This is useful if you want to interact with the server over HTTP, for example from a web client or to expose the server on a specific port.
234248

235249
To start the server with HTTP transport, use the `--transport http` option:
@@ -412,27 +426,6 @@ You can disable telemetry using:
412426
- **Command-line argument**: `--telemetry disabled`
413427
- **DO_NOT_TRACK environment variable**: `export DO_NOT_TRACK=1`
414428

415-
#### Streamable HTTP Transport
416-
417-
> **⚠️ Security Notice:** This server now supports Streamable HTTP transport for remote connections. **HTTP transport is NOT recommended for production use without implementing proper authentication and security measures.**
418-
419-
The server supports Streamable HTTP transport for remote connections.
420-
421-
**Required Security Measures:**
422-
423-
- Implement authentication (e.g., API gateway, reverse proxy)
424-
- Use HTTPS/TLS encryption
425-
- Deploy behind a firewall or in private networks
426-
- Implement rate limiting
427-
- Never expose directly to the internet
428-
429-
**Configuration:**
430-
431-
- **Environment variables**: `export MDB_MCP_TRANSPORT=http`
432-
- **Command-line argument**: `--transport http`
433-
434-
For more details, see [MCP Security Best Practices](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations).
435-
436429
### Atlas API Access
437430

438431
To use the Atlas API tools, you'll need to create a service account in MongoDB Atlas:

0 commit comments

Comments
 (0)